California One of First US States that Banned Use of Default Passwords for IoT Devices
California passed a law that banned default passwords for all IoT devices including smart home security equipment, according to an article by Security Sales & Integration (SSI), becoming one of the first states in the U.S. to pass this type of legislation.
From the article: “The bill aims to improve security for the vast number of consumers who do not change default passwords — such as ‘123,’ ‘password’ or ‘admin’ — that come with new devices. In doing so, the legislation effectively bans pre-installed and hard-coded default passwords to any connected device, which is defined as a ‘physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.’”
Default passwords must be unique to each device, or the user must be prompted to change the default prior to using the product, according to the SSI article.
The bill was signed into law on Sept. 28, 2018.
Hikvision’s director of cybersecurity, Chuck Davis, discussed default passwords in an interview with Campus Safety magazine earlier this year. In it, he said: “Defaults are really bad. Hackers love to focus on defaults because they realize a lot of people don’t change defaults, whether it’s default passwords or ports or different configurations. So, always make sure you’re changing those defaults.”
Below are some tips for creating and maintaining complex passwords.
Password Tips from Hikvision
To make it more difficult for passwords to be hacked, it is important to create strong and complex passwords. Below are a few tips that Davis shared in a recent blog:
- Create a long, strong password: Develop a strong password, which includes multiple character sets such as uppercase, lowercase, numbers and special characters. Make it long—eight characters or more. Davis added: the longer the password, the better.
- Use a password management tool: As you create more complex passwords that differ from site to site, you may find it difficult to remember them. A best practice is to use a “password management tool,” which can help you generate and retrieve complex passwords.
- Where possible, enable multi-factor authentication (MFA): Enable MFA, especially where you have only a username and password protecting sensitive data. Many sites support MFA, but not many people are aware that they have the option to enable MFA.