According to TechCrunch, Californians’ personal information and devices will be more protected than ever. That’s because the state recently passed a law banning default passwords – like “admin,” “12345,” and “password” – from all consumer devices. The law will take effect in 2020.
When it comes to passwords, the new law will mandate the following:
- Every new gadget made in California will be programmed with “reasonable” security features, and each device will be preprogrammed with a unique password.
- All devices must contain security features that require users to create a new means of authentication before access is granted to the device for the first time.
These new features will help protect users against cyberattacks, including those from botnets. Historically, botnets have detected weaknesses in poorly protected devices and used those weaknesses to attack high-traffic sites. Those key soft spots were often caused by default passwords: “Botnets typically rely on default passwords that are hardcoded into devices when they’re built that aren’t later changed by the user,” TechCrunch says. “Malware breaks into the devices using publicly available default passwords, hijacks the device and ensnares the device into conducting cyberattacks without the user’s knowledge.”
TechCrunch also says that advanced botnets don’t have to guess at users’ passwords because they go for other vulnerabilities in Internet of Things devices, including smart bulbs, alarms, and home electronics.
Other things to keep in mind:
While California’s new law is meant to keep consumers’ information safer, it does not require device makers to update software if and when any bugs are discovered. According to The Register, the failure to update software is an even bigger problem than default passwords. Failing to update software is a missed opportunity to add another layer of security over sensitive information.
This risk remains even when companies do update their software, because the responsibility to install updates falls on users; if they don’t remember to update the software, their information becomes vulnerable. End users who aren’t familiar with updating their devices are at an even bigger risk: “New security holes are being discovered all the time and they typically take advantage of the various authentication systems that exist in such products but which are invisible to consumers.” As a result, California decision makers and users alike should consider familiarizing themselves with the new law, especially if they plan on investing in a new device by 2020.