California One of First US States that Banned Use of Default Passwords for IoT Devices

October 19, 2018

Hikvision Offers Tips to Create and Maintain Complex Passwords

California passed a law that banned default passwords for all IoT devices including smart home security equipment, according to an article by Security Sales & Integration (SSI), becoming one of the first states in the U.S. to pass this type of legislation.

From the article: “The bill aims to improve security for the vast number of consumers who do not change default passwords — such as ‘123,’ ‘password’ or ‘admin’ — that come with new devices. In doing so, the legislation effectively bans pre-installed and hard-coded default passwords to any connected device, which is defined as a ‘physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.’”

Default passwords must be unique to each device, or the user must be prompted to change the default prior to using the product, according to the SSI article.

The bill was signed into law on Sept. 28, 2018.

Hikvision’s director of cybersecurity, Chuck Davis, discussed default passwords in an interview with Campus Safety magazine earlier this year. In it, he said: “Defaults are really bad. Hackers love to focus on defaults because they realize a lot of people don’t change defaults, whether it’s default passwords or ports or different configurations. So, always make sure you’re changing those defaults.”

Below are some tips for creating and maintaining complex passwords.

Password Tips from Hikvision
To make it more difficult for passwords to be hacked, it is important to create strong and complex passwords. Below are a few tips that Davis shared in a recent blog:

  1. Create a long, strong password: Develop a strong password, which includes multiple character sets such as uppercase, lowercase, numbers and special characters. Make it long—eight characters or more. Davis added: the longer the password, the better.
  2. Use a password management tool: As you create more complex passwords that differ from site to site, you may find it difficult to remember them. A best practice is to use a “password management tool,” which can help you generate and retrieve complex passwords.
  3. Where possible, enable multi-factor authentication (MFA): Enable MFA, especially where you have only a username and password protecting sensitive data. Many sites support MFA, but not many people are aware that they have the option to enable MFA.
