Australia markets close in 2 hours 21 minutes
  • ALL ORDS

    7,500.90
    -42.70 (-0.57%)
     
  • ASX 200

    7,210.90
    -30.30 (-0.42%)
     
  • AUD/USD

    0.7021
    +0.0017 (+0.24%)
     
  • OIL

    67.81
    +1.55 (+2.34%)
     
  • GOLD

    1,787.30
    +3.40 (+0.19%)
     
  • BTC-AUD

    69,745.23
    -750.71 (-1.06%)
     
  • CMC Crypto 200

    1,259.65
    -182.11 (-12.63%)
     
  • AUD/EUR

    0.6215
    +0.0028 (+0.46%)
     
  • AUD/NZD

    1.0389
    +0.0018 (+0.17%)
     
  • NZX 50

    12,592.10
    -84.40 (-0.67%)
     
  • NASDAQ

    15,712.04
    -278.76 (-1.74%)
     
  • FTSE

    7,122.32
    -6.89 (-0.10%)
     
  • Dow Jones

    34,580.08
    -59.72 (-0.17%)
     
  • DAX

    15,169.98
    -93.12 (-0.61%)
     
  • Hang Seng

    23,457.25
    -309.44 (-1.30%)
     
  • NIKKEI 225

    27,866.81
    -162.76 (-0.58%)
     

California bans default passwords on any internet-connected device

·Contributing writer
·1-min read

In less than two years, anything that can connect to the internet will come with a unique password — that is, if it's produced or sold in California. The "Information Privacy: Connected Devices" bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about two weeks to approve the proposal made by the state senate.

The new regulation mandates device manufacturers to either create a unique password for each device at the time of production or require the user to create one when they interact with the device for the first time. According to the bill, it applies to any connected device, which is defined as a "physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address."

The law is clearly aimed at stopping the spread of botnets made up of compromised network devices, such as routers, smart switches or even security cameras and other IoT equipment. Malicious software could often take control of them by trying easy-to-guess or publicly disclosed default login credentials. It's not entirely clear yet as to how the new regulation will affect legacy industry hardware from the 1980s and 1990s where passwords are either hard-coded or next to impossible to change.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting