Submitted via IRC for Bytram
Weak passwords to be banned in California
Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.
The state has passed a law that sets higher security standards for net-connected devices made or sold in the region.
It demands that each gadget be given a unique password when it is made.
Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.
The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.
This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.
The bill also allows customers who suffer harm when a company ignores the law to sue for damages.
(Score: 2) by el_oscuro on Sunday October 07 2018, @12:36AM
Simply setting the password to the device serial number is vastly superior to any default password. California is right: default passwords *should* be outlawed. Even if a serial number is easily predictable, an attacker would still have to guess it for each device they want to pwn. With any default password, *all* devices they can get to are pwned immediately.
SoylentNews is Bacon! [nueskes.com]