
SoylentNews is people

posted by chromas on Saturday October 06 2018, @08:20AM
from the this-password-contains-patterns-known-to-the-State-of-California-to-cause-cracking-and-data-breaches dept.

Submitted via IRC for Bytram

Weak passwords to be banned in California

Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.

The state has passed a law that sets higher security standards for net-connected devices made or sold in the region.

It demands that each gadget be given a unique password when it is made.

Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.

The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.

This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.

The bill also allows customers who suffer harm when a company ignores the law to sue for damages.


  • (Score: 2) by BsAtHome (889) on Saturday October 06 2018, @11:22AM (#745008)

    The number of failure modes for a seatbelt is, for a trained individual, limited.
    The number of failure modes for software is, for a trained individual, not well defined.

    Changing the password is one thing. Updating the software is another story. You do not update your seatbelt every few weeks to get the bugs out, do you?

    Therefore, concentrating on default passwords and "reasonable security" features is a step in the right direction, but has marginal impact in the long run. There is no silver bullet for security and no law can make your software secure. Especially when you consider the complexity of software in general and security in particular.

  • (Score: 2, Informative) by Anonymous Coward on Saturday October 06 2018, @11:45AM (#745010)

    Car analogies are fun. Selling a device with the password "password" is like selling a car with seatbelts made of paper and expecting the consumer to retrofit real seatbelts.

    • (Score: 1, Insightful) by Anonymous Coward on Saturday October 06 2018, @05:12PM (#745096)

      I'd say it's more like selling a car with a generic key and expecting the consumer to shape the key and resize the pins themselves.

  • (Score: 0) by Anonymous Coward on Saturday October 06 2018, @04:28PM (#745075)

    The number of failure modes for software is, for a trained individual, not well defined.

    Yet for an untrained individual they are innumerable.

    Changing the password is one thing. Updating the software is another story. You do not update your seatbelt every few weeks to get the bugs out, do you?

    If software updates are necessary they should be automatic ... but that will cause havoc in the minds of the "it's mine! I paid for it!" crowd that doesn't want automatic updates. So a very conspicuous "Do you want this device to automatically apply software updates?" question immediately after the required changing of the password.

    There are no perfect solutions to this, but a great deal can be improved with just a few small measures. Let's not ignore the 80% - 90% of prevention we can take with these initial small steps.

  • (Score: 2) by chromas (34) on Saturday October 06 2018, @08:26PM (#745149)

    You do not update your seatbelt every few weeks to get the bugs out, do you?

    Not yet.