A new law will make weak default passwords illegal. Hardly surprising when you consider the world’s most commonly used password is “123456”, closely followed by “password”.
After next year, any manufacturer planning to sell in California will be forced to programme a unique default password into every single device they make.
Default passwords such as “admin”, “qwerty” and “letmein” will be illegal in the state from January 1, 2020.
The Information Privacy: Connected Devices Bill states that any customer who falls victim to hackers can sue manufacturers who fail to comply.
There have been a number of recent cyber attacks that took advantage of easy-to-guess default passwords.
They offered an open door for hackers to gain access to homes and businesses, allowing them to spread various types of malware.
Research by Israel’s Ben-Gurion University showed that smart devices with default passwords, including baby monitors, doorbells and thermostats, could be gateways for cyber criminals.
BGU senior lecturer Dr. Yossi Oren said: “It is truly frightening how easily a criminal, voyeur or paedophile can take over these devices.”
Last year, security experts revealed that BT, TalkTalk and Sky routers could be attacked with the same hack that affected Virgin Super Hub 2 devices.
Ken Munro of Pen Test Partners told the BBC: “This problem has been known about for years, yet still internet service providers issue routers with weak passwords.
“And consumers don’t know that they should change them.”