Thank you!

We have emailed you a PDF version of the article you requested.

Can't find the email?

Please check your spam or junk folder

IFLScience Home
IFLScience logo

"California Just Banned Stupid Default Passwords That Are Easy To Guess"

Complete the form below and we will email you a PDF version

You can unsubscribe at any time. View ourprivacy policy and terms below.

IFLScience needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time.

For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out ourPrivacy Policy

Advertisement

technologyTechnology
clockPUBLISHED

California Just Banned Stupid Default Passwords That Are Easy To Guess

author

Jonathan O'Callaghan

author

Jonathan O'Callaghan

Senior Staff Writer

BookView full profile

BookRead IFLScience Editorial Policy

Senior Staff Writer

designer491/Shutterstock

California, not content with stopping bots from pretending to be human, has passed a law to basically make stupid passwords illegal.

From January 1, 2020, the "Information Privacy: Connected Devices" bill will ban default passwords on new devices. That means things like “password” or “123456” will no longer be allowed – instead, all new passwords must be unique.

Advertisement

This doesn’t mean that if you use a password like that you’ll need to change it – although you really should. It actually applies to device manufacturers, telling them that any Internet-connected device can’t come with an easy-to-guess password installed.

“This bill… would require a manufacturer of a connected device… to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device,” the bill states.

The idea is this will enable a crackdown on botnets that prey on weak passwords to break into devices. If a device is pre-loaded with a weak password, then it makes it all the more vulnerable.

However, the bill has been criticized for not going far enough. The Register notes that it is a “massive missed opportunity”, and highlights a “dangerous lack of decent technical knowledge in the corridors of power.”

Advertisement

The main problem, they say, is that passwords are the “lowest-hanging fruit” to fix. The bigger problem is failing to update software, something people often have to manually do. And if they won’t change their password, then there isn’t much hope they’ll install updates when prompted.

As noted by Engadget, it’s also unclear how the bill will affect older devices from the 1980s or 1990s, which have passwords that are difficult to change.

But Tech Crunch said the bill was “better than nothing”, even if there was “room for improvement”. They highlighted previous attacks, like the Mirai botnet, which was able to use default passwords to take down various sites including Twitter and Spotify.

The bill comes just a week after California passed another bill to beef up digital security, with the state passing a law that prevents online bots from pretending to be human. This bill was designed to tackle bots that swung the 2016 US Presidential Election in favor of Trump – and now they're taking on passwords, too.

ARTICLE POSTED IN

technologyTechnology
  • tag

  • bill,

  • illegal,

  • ban,

  • California,

  • password,

  • botnet

FOLLOW ONNEWSGoogele News

technology

More Technology Stories

A Guy Tried To Make A Toaster From Scratch And It Failed BeautifullyA silver electronic device saying "Hot SURFACE" on a toaster.
technologyTechnology

A Guy Tried To Make A Toaster From Scratch And It Failed Beautifully

clock2 days ago
share64
Why Do Keyboards Follow The QWERTY Layout?The keys on a white typewriter set out in the traditional QWERTY format.
technologyTechnology

Why Do Keyboards Follow The QWERTY Layout?

clock3 days ago
comments1
share37
Gemini: Google's Answer To ChatGPT Looks Pretty MindblowingPhoto of Out of Focus IT Technician Turning on Data Server.
technologyTechnology

Gemini: Google's Answer To ChatGPT Looks Pretty Mindblowing

clock3 days ago
share48