California just became the first state to put a cybersecurity law on the books for any internet-connected devices that are made or sold in the state. This new legislation goes into effect January 2020 and is designed to protect consumers by setting higher security standards for smart devices.
To comply with this new law, companies will either need to set a unique password for the device at the time of manufacture or prompt people to set a new password during the initial device setup.
This is a big step in the right direction for safety and privacy. Too often, people in a rush to get up and running will leave the default password in place rather than taking the time to set a strong password. Unfortunately, the default passwords are trivial to crack.
As well as putting our privacy at risk, default passwords make it possible for hackers to take control of thousands of devices at once and use them to bring down other services. Twitter, Spotify, and Reddit have all been attacked in this way.
Although smart devices make our lives easier, they can also make us more vulnerable. Banning default passwords will certainly help with security, but it isn’t enough on its own. People are still likely to pick insecure, easy-to-remember passwords when setting up a new device. It’s important to use strong, unique passwords everywhere – from your Twitter account to your espresso machine, and without a password manager, that’s just not practical.
“People are often too relaxed about the security of their home network, and leaving the default password on smart devices is far too common,” says Jeff Shiner, 1Password CEO. “While requiring users to create new passwords on launch is a great first step, manufacturers still have a greater responsibility to ensure software is frequently updated and patched against security threats.”
While this current law only applies to California, the benefits will be felt nationwide for any devices manufactured within the state. And it’s likely only a matter of time before other laws start to pop up in other states.
Tweet about this post