It will be considered illegal for the electronic firms to use default and weak passwords such as “admin” and “password” in California from 2020.
This law which has been passed by the state is believed to set higher security standards for net-connected devices made or sold in the state. It is required that each gadget must be given a unique password during manufacturing.
Earlier easy-to-guess passwords enabled the frequency of cyber-attacks to spread more quickly causing more harm.
The Information Privacy: Connected Devices bill also demands the electronics manufacturers to have their products manufactured with “reasonable” security features. This means that it should have a unique password or a start-up procedure that pressures the users to generate their own password while using the device for the first time.
The bill also permits the customers who suffer harm when a company ignores the law to sue for damages. This law has been considered as a “step forward” and a “massive missed opportunity”. A larger problem than weak passwords was the making of devices which were not able to be updated.
Recently most of the cybercrimes have made use of the default and easy passwords on the devices found in millions of homes and offices.
In late 2016, Twitter, Spotify, and Reddit were some of the sites which were taken offline by an attack that took advantage of poor passwords on lots of net-connected gadgets including webcams and other smart home hardware.