California to ban weak passwords
Home to Apple, Google and Facebook to name just a few, California is certainly a place that has been at the forefront of technological innovation, and as a result, some of history’s most notable data breaches.
As technology becomes a bigger part of daily life it is more common than ever for people to own countless accounts with, more often than not, similar weak passwords. In fact, data shows that weak passwords are responsible for a massive 81% of all data breaches – unsurprising when you consider some of the most popular passwords globally, which include – ‘123456’, ‘Password’, ‘qwerty’ and ‘letmein’.
Despite multiple warnings, advised passwords length and characters, and the proof that a weak password can leave your accounts vulnerable, it seems like even large corporations can’t seem to get it right; let’s not forget the US$70bn lawsuit of Equifax which was blamed in part to the fact that customer details were accessed using the password ‘admin’.
But this week, in a world first, the state of California has passed a bill which aims to crackdown on weak passwords and improve internet security. The Information Privacy: Connected Devices Bill states that from 2020 weak passwords or default passwords will be banned and that every state made or sold product should be given a unique password to protect it prior to sale.
It outlines that all products should have “a pre-programmed password unique to each device manufactured" or "a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time”, and that they should "require a manufacturer of a connected device to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device… and designed to protect the device and any information contained therein from unauthorised access, destruction, use, modification, or disclosure, as specified."
Owners of devices will also have extra protection in that they could sue a manufacturer if their gadgets do not have sufficient security features at point of sale.
Whilst there is definitely a long way to go in the fight against hacking this certainly seems like a step in the right direction, with responsibility thrust upon companies that have until now done less than enough to ensure customer safety in the past.