Starting in 2020, insecure default passwords will be made illegal in California, meaning that soon you’re probably going to have to write down a whole bunch of new passwords.
The Information Privacy: Connected Devices bill has been passed in California and among its additions to law is is the requirement that all technology devices come with a randomized default password. No longer will companies be able to set every device with the long-held standard of admin/password before relying on users to change it to something that a kindergartener can’t guess.
You might have already seen this employed in the case of certain routers and other home electronics that have administrative panels, but until now it’s never been required.
The law won’t apply to devices sold prior to 2020, and if you want to change a login for your router to admin/password after you buy it, then you don’t have to worry about paying the nasty fines that the bill proposes.
This move comes as a consequence of several years of private data being hacked, much of which was obtained by gaining access to accounts with overly simplistic passwords, like “hotdog” and “bananaphone”. In fact, in 2014 a study indicated that 47% of U.S. adults have had their personal information exposed by events such as the Target hack that compromised more than 70 million customers.