Submitted via IRC for Bytram
Weak passwords to be banned in California
Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.
The state has passed a law that sets higher security standards for net-connected devices made or sold in the region.
It demands that each gadget be given a unique password when it is made.
Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.
The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.
This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.
The bill also allows customers who suffer harm when a company ignores the law to sue for damages.
(Score: 0) by Anonymous Coward on Saturday October 06 2018, @01:34PM
The thing is engineers DO say things to their bosses about things like this. Usually they are treated like assholes for "making trouble". Then after a million devices get pwned, the boss goes to the guy who brought it up and wants him to write software to commit a million counts of computer tresspass after the fact to fix the problem.
I'll leave it to your imagination as to whether that problem gets fixed. But there are a lot of engineers out there with "get out of jail free" cards in their personal safes. The problem became so common back in the thou's that they created a whole new term for it: "automatic update".