Default Passwords for Smart Connected Devices Banned in California
The legislation institutes stricter passwords for smart physical devices, including smart home security gear, that collect and share data from users.
SACREMENTO, Calif. — California has passed a law that bans default passwords for all Internet of Things (IoT) devices, including smart home security gear.
Beginning Jan. 1, 2020, the legislation (Senate Bill No. 327) requires manufacturers of a connected device to equip it with a “reasonable security feature or features.” The bill mandates that manufacturers must provide default passwords that are unique to each device or prompt the user to generate a new password before using the product.
The bill aims to improve security for the vast number of consumers who do not change default passwords — such as “123,” “password” or “admin” — that come with new devices. In doing so, the legislation effectively bans pre-installed and hard-coded default passwords to any connected device, which is defined as a “physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”
Although the goal of the bill is to thwart hackers from installing malware and use infected devices as part of botnet attacks, the ban has left some cybersecurity professionals skeptical of its true efficacy.
“I think the law that the State of California is contemplating is a great first step, but it’s just a first step in a very long road to ensuring security around the globe,” Bill Evans, senior director at One Identity, told the Verdict.
Evans said a preferred approach would be one that doesn’t mandate specific action. “Rather, governments should use the levers at their disposal to incentivize enterprises to solve the problems in ways that meet their needs,” he said.
The bill was approved by the California Assembly and Senate in August and was signed into law by Gov. Jerry Brown on Sept. 28.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.