New law in California bans default passwords

badkitty
Posts: 1068
Joined: February 6th, 2018, 11:33 am


#1

Post by badkitty » October 5th, 2018, 8:48 pm

Is this going too far or what?

Good news!

California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer electronics starting in 2020.

Every new gadget built in the state from routers to smart home tech will have to come with “reasonable” security features out of the box. The law specifically calls for each device to come with a preprogrammed password “unique to each device.”

It also mandates that any new device “contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time,” forcing users to change the unique password to something new as soon as it’s switched on for the first time.

For years, botnets have utilized the power of badly secured connected devices to pummel sites with huge amounts of internet traffic — so-called distributed denial-of-service (DDoS) attacks. Botnets typically rely on default passwords that are hardcoded into devices when they’re built that aren’t later changed by the user. Malware breaks into the devices using publicly available default passwords, hijacks the device and ensnares the device into conducting cyberattacks without the user’s knowledge.

Two years ago, the notorious Mirai botnet dragged thousands of devices together to target Dyn, a networking company that provides domain name service to major sites. By knocking Dyn offline, other sites that relied on its services were also inaccessible — like Twitter, Spotify and SoundCloud.

Mirai was a relatively rudimentary, albeit powerful botnet that relied on default passwords. This law is a step in the right direction to prevent these kinds of botnets, but falls short on wider security issues.

Other, more advanced botnets don’t need to guess a password because they instead exploit known vulnerabilities in Internet of Things devices — like smart bulbs, alarms and home electronics.

As noted by others, the law as signed does not mandate device makers to update their software when bugs are found. The big device makers, like Amazon, Apple and Google, do update their software, but many of the lesser-known brands do not.

Still, as it stands, the law is better than nothing — even if there’s room for improvement in the future.
https://techcrunch.com/2018/10/05/calif ... yptr=yahoo




BHT
Posts: 1181
Joined: March 30th, 2018, 3:28 pm

#2

Post by BHT » October 6th, 2018, 7:31 pm

Jesus now we have to be told what passwords we can or can not use, this is too much legislating




Jag
Posts: 4289
Joined: February 15th, 2018, 9:51 am
Title: From Malta with love
Referrals: 1

#3

Post by Jag » October 7th, 2018, 8:05 am

It's not necessary. I, for one, change all login passwords on every site regularly.
From Malta with love and sunshine

STICK
Posts: 178
Joined: February 25th, 2018, 7:28 am

#4

Post by STICK » October 8th, 2018, 10:57 am

They must be really bored in Sacramento to think of this idea for a new law. How about they worry about our illegal immigration problem instead?




greatpornlinks
Posts: 1132
Joined: June 14th, 2018, 6:51 pm

#5

Post by greatpornlinks » October 9th, 2018, 11:00 am

We need a law on passwords????
Never have your honey where you make your money.
~ HeidiHoe 2023

vblogger
Posts: 1417
Joined: February 17th, 2018, 2:48 pm

#6

Post by vblogger » October 11th, 2018, 8:28 am

It's crazy how we have to mandate so many little things in Cali




ispdn
Posts: 932
Joined: March 25th, 2018, 8:23 pm

#7

Post by ispdn » October 13th, 2018, 12:47 pm

Only in California can they think of useless laws to waste time and taxpayer dollars on




killah
Posts: 1038
Joined: March 7th, 2018, 6:18 pm

#8

Post by killah » October 14th, 2018, 12:50 pm

It actually makes sense

HeidiHoe
Posts: 1541
Joined: February 3rd, 2018, 12:20 pm
Title: Resident Genius

#9

Post by HeidiHoe » October 14th, 2018, 2:09 pm

The unique password for each device is a good idea and may very well prevent someone from using loads of things in DDoS attacks but if the passwords are unique why force consumers to change them? Shouldn't that then be optional? You know there's morons out there that'll change it to admin, password, 123456, etc.

Check out the internet of things. You'll be surprised by the number of devices left unsecured or that can be accessed with default passwords. For example there's security cameras you can view and change the settings on.
Soylent Green is People!
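
The scheme the quoted article describes (a per-device factory password plus a forced change on first use), combined with the concern in post #9 that users will pick "admin" or "123456", sketched as an added example that is not part of any post in this thread. The `Device` class, the denylist contents and the minimum length are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed denylist: the defaults named in the quoted article, plus similar ones.
COMMON_DEFAULTS = {"admin", "123456", "password", "12345678", "root", "default"}
MIN_LENGTH = 10  # assumed policy value, not taken from the law

def new_factory_password() -> str:
    """Random per-device credential, generated at manufacture (16 URL-safe chars)."""
    return secrets.token_urlsafe(12)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Device:
    """Hypothetical device account store, not any vendor's firmware."""

    def __init__(self, factory_password: str):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(factory_password, self.salt)
        self.must_change = True  # factory credential only unlocks the change step

    def _check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def login(self, password: str) -> str:
        if not self._check(password):
            return "denied"
        return "change_required" if self.must_change else "ok"

    def set_first_password(self, factory_password: str, new_password: str) -> str:
        if not self.must_change or not self._check(factory_password):
            return "denied"
        if new_password.lower() in COMMON_DEFAULTS:
            return "rejected: common default"
        if len(new_password) < MIN_LENGTH:
            return "rejected: too short"
        if self._check(new_password):
            return "rejected: same as factory password"
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new_password, self.salt)
        self.must_change = False
        return "ok"
```
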

xxxman
Posts: 403
Joined: April 7th, 2018, 1:01 pm

#10

Post by xxxman » October 15th, 2018, 11:47 am

You should never use the same password for more than one device, it is asking for trouble.




Sneaky
Posts: 626
Joined: March 5th, 2018, 5:21 pm

#11

Post by Sneaky » October 16th, 2018, 9:06 am

xxxman wrote:
October 15th, 2018, 11:47 am
You should never use the same password for more than one device, it is asking for trouble.


Well duh that is obvious

linux
Posts: 115
Joined: February 4th, 2018, 12:12 pm
Contact:

#12

Post by linux » October 16th, 2018, 10:12 am

Only in California can legislatures be so useless - "stupiduseless" should be the new default password. :)
Dave L.
FC Financial LLC
1-727-233-1111
Skype - fc-financial

WhitelabelIT
Posts: 325
Joined: April 10th, 2018, 12:13 pm
Contact:

#13

Post by WhitelabelIT » October 16th, 2018, 10:47 am

This seems like something that should have been done a while ago, although what HeidiHoe says makes complete sense, I'm sure there are people that will change the password to those generic passwords. I suppose those passwords even though they are unique must be stored somewhere, for support purposes.
Host4Porn.com: World Wide Adult Web hosting done right! Fast, easy and affordable!

viking
Posts: 1107
Joined: March 18th, 2018, 8:28 pm

#14

Post by viking » October 18th, 2018, 8:02 am

It's not going to impact people, it's a preventative measure.




gspotman
Posts: 866
Joined: June 6th, 2018, 7:42 pm

#15

Post by gspotman » October 23rd, 2018, 10:43 am

Fine I get the idea behind it but what next there has to be a law that you have to log out of every site on exit???????



