CATEGORIES
home News

California Bans Comically Weak Default Passwords For Internet-Connected Devices

by Brandon HillFriday, October 05, 2018, 02:39 PM EDT
In recent years, we've seen a number of garden variety consumer electronics devices -- including routers and webcams among others -- that have been sucked into zombie botnets to wreak havoc around the globe. Many of those devices were accessible due to extremely weak passwords that were enacted by default by their manufacturers.

California, however, is looking to change this and has passed a law that would require all internet-connected device sold in the state to have a unique "strong" password. This unique password would be obtained in one of two ways as outlined by the "Information Privacy: Connected Devices" bill.

archer c5400x 1

Manufacturers can choose to give each individual device a unique password that is assigned at the time of production. The user would then use that password to login to the device, and then could change it (if they so choose) after the initial setup. The second method would be to require the user to create a password when they perform the initial, mandatory setup of the internet-connected device.

Given that most users don't both to change their password after setting up their devices (which is why botnets are able to spread with reckless abandon), it seems as though the first option with a unique OEM-provided password would be the most secure. If the end-user is forced to create his or her own password (and if a hard-to-guess strong password isn't required), chances are that users could still input an air-password like "password" or "12345", much to President Skroob's displeasure. 

According to the law, "'Connected device' means any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address."

As the law outlines, it will be illegal for manufacturers to ship devices with default passwords like "admin" or "password" starting on January 1st, 2020.

Tags:  Malware, California, botnet, IoT
Brandon Hill

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.

TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment