“Password123” isn’t an easy password option anymore. At least, it isn’t in California.
The Golden State’s governor just signed a law barring companies from selling Internet-connected devices with preprogrammed passwords that are easy to guess or crack and leave them vulnerable to malicious hackers. Starting in 2020, all Internet of Things devices made or sold in California — whether they’re refrigerators, thermostats or cars — must come equipped with unique passwords, or a feature that requires the user to set their own unique password.
The law makes California the first state in the country to set cybersecurity standards for the rapidly proliferating IoT business. It’s a step toward defending against cyberattacks such as the massive Mirai botnet that harnessed the power of hijacked devices to disable major websites in 2016.