New Password Law in California at the Beginning of 2020

Here at Prilock, securing your digital life is our main priority. We advise our readers to update their systems, to be slow to click when opening emails or visiting websites, and to use strong, unique passwords for each account. California seems to have taken our training to heart, as a new law has been put into action.

New Law in California

Starting in 2020, California passed a law banning default passwords such as “admin”, “123456”, and “password” from all new consumer electronics.

With this new order in place, new technology will have to come with “reasonable” security features out of the box.  Each new device will be set up with a preprogrammed password unique to each device.

The law mandates that any new device “contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.”  Therefore, for a user to use the device for the first time, they must change the password to something new.

Protection Against Botnets

This law prevents botnets from conducting Distributed Denial of Service attacks. Devices that continue to use their installed default password are particularly vulnerable to these attacks.

These default passwords are hardcoded into the device, so malware can break in and hijack the device without the user’s knowledge.

Mirai Botnet

About two years ago, a botnet referred to as Mirai built a device army targeting Dyn, a company that provides domain name service to major sites. It successfully knocked Dyn offline, and other sites that depended on its service, such as Twitter, Spotify, and SoundCloud, were also impacted and inaccessible.

This compelling botnet relied on default passwords to build its army. The law will prevent these kinds of botnets.

The Law Isn’t Perfect

The law as it stands does not require device makers to update their software when vulnerabilities are exploited and bugs are found. Larger companies like Amazon, Apple, and Google update their software, but the newer brands may not.

Having a law in place is better than nothing.  There’s room in the future for improvement, but as for now, it’s wise to bring attention to security in the legal system.

