News & Comment: Weak passwords banned in California from 2020

Weak passwords banned in California from 2020

Starting in 2020, default passwords such as “admin” and “password” will be illegal for electronics firms to use in California, according to a new state law that sets higher security standards for net-connected devices made or sold in the region. Unique passwords will now be required for each gadget since easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm. The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with “reasonable” security features



Tim Erlin, VP, product management and strategy at Tripwire, provided the following comments:

“There’s always more to do with information security, but sometimes targeted legislation addressing a specific problem can be effective. Weak passwords are a problem, but this bill aims to address a more challenging and serious problem with poor default security in vendors’ products. It’s important that vendors see security as their responsibility, even after the customer takes possession of the product.”