Knogin Blog

Hello Admin 12345, your days are numbered.

October 8, 2018 4:31:24 PM EDT / by Joe Mangano

Have you ever heard of a ‘common sense law’? Well, California just passed SB327, which raises cybersecurity standards. And it is great timing too, because it’s October and it’s National Cyber Security Awareness Month.

But first, what is a ‘common sense law’? When something is ‘common sense’ and ultimately good for you, yet not enough people are doing that ‘something’, lawmakers create a law that requires you to do it. An example would be ‘seat belt laws’ in the US.

In the case of California, starting in 2020, SB327 bans the manufacturing and selling of devices with default user names and passwords like ‘admin’, ‘12345’ and the ever popular classic ‘password’. This is definitely something that is good for you!

Every new product built, from routers to smart home gadgets, will have to come with ‘reasonable’ security features out of the box. In fact, the law specifically requires each device to come preprogrammed with a password ‘unique to each device’. Naturally, this will probably increase the costs to manufacturers, which will ultimately be passed on to consumers. Even if it does, that is still OK. Remember, it's good for you.

Oh, and not to stop there, if the device cannot generate its own ‘unique’ preprogrammed password, the law mandates the device will ‘contain a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time’. This means users will be forced to change that unique password anyway to something new as soon as the product is turned on for the first time. OK, remember, it is good for you!

It's basically common sense, when you think about it. But how many times have you simply plugged in a new Wi-Fi connected device and been very happy that it just plain works? It’s great when you don’t have to fiddle with settings or be concerned about whether they have passwords or not. Hey, I wasn’t asked for a password, so my device doesn’t need one, right? Wrong.

It’s common sense. Start today. Check your devices. Read their manuals. Do they provide settings to change passwords? If so, then determine what user name and password they are using.

If it’s a ‘default’ user name and password, like Admin and 12345, you could be in for trouble. Why? Because botnets and other malware are on the lookout for devices that use those and similar ‘default’ security credentials. Once they identify a vulnerable device, they can hijack it to conduct nefarious activities such as distributed denial-of-service (DDoS) attacks, or hack into your home network and steal valuable personal information on connected computers.

California’s law is a great start, but you don’t need a new law telling you to be safe online.
You are your first line of cyber security defense. Securing your devices is common sense.
