Weak passwords such as ‘admin’ and ‘1234’ will be banned in California from 2020 as part of a crackdown on cyber attacks.
A new law has been passed that requires manufacturers to give each gadget a unique, complex password and ‘reasonable’ security features.
This also means making sure that users have to generate their own password when they use their gadget for the first time.
The bill means that customers who have their gadgets hacked could sue a company if it did not abide by these new changes.
Manufacturers often use a single password because it is easier for them.
However, lots of consumers don’t bother to change this password and don’t end up creating their own.
The Information Privacy: Connected Devices bill, which takes effect on 1 January 2020, looks to crack down on the growing number of cyber attacks that take advantage of easy-to-guess passwords, the BBC reports.
According to the bill, manufacturers must ‘equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device’.
The feature must also be ‘appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorised access, destruction, use, modification, or disclosure, as specified’.
Earlier this year it was revealed that thousands of government workers have left confidential data susceptible to hacking by using weak and obvious passwords.
An investigation of West Australian Government agencies found that 26 per cent of public servants used weak or easy-to-guess passwords.
Caroline Spencer, the auditor-general behind the investigation, told ABC News the agencies examined had as many as half of their sensitive or confidential accounts protected by weak passwords.
‘Those passwords contain agency systems, which contain sensitive and confidential information, to inappropriate access and unauthorised use,’ Ms Spencer said.
She went on to explain how the lack of security was placing sensitive and confidential information ‘at risk’ of being accessed by hackers.
‘We are still finding that agencies are not taking the risk to information system security and capability seriously enough,’ she said.
As part of the audit, Ms Spencer revealed that ‘password’ was one of the top logins, with one in five easy-to-guess passwords being a variant of the date.
‘Password123’, ‘Project10’, ‘support’ and ‘Password1’ were other commonly used logins that ranked highly, with ‘abcd1234’ and ‘password2’ in the top five.
The news of the lack of security by Australian public servants also caused a number of people to share their frustration with officials on Twitter.
‘How it was discovered that ‘more than 1,400 public servants using ‘Password123’ as their login’? Guess good Russian hackers reported the issue to government,’ one person wrote.
Another person wrote: ‘They’re too busy rorting the system to choose effective passwords.’
A third person added: ‘It’s written on a post-it stuck to the monitor.’
The investigation also raised concerns about the risk of systems being hacked remotely, after the auditor general’s office was able to gain system administrator access to one agency using the password ‘Summer123’.