California bans the lazy password

The easy-to-remember passwords that characterised the early years of internet log-in culture will soon become a thing of the past on the US west coast.

 Words such as ‘admin’ ‘password’, or number-chains such as ‘123456’ so favoured by users less diligent users to internet security, are to become illegal in California as of 2020.

The move is part of a wider commitment within the sunshine state towards a stronger data security culture, and will mean connected devices which it manufactures or sells will have to have its own unique password.

Basic, one-word passwords are all-too-often the weakness that cyber criminals exploit in order to gain unauthorised access into IT systems around the world, to potentially disastrous effect.

California’s legislature has formulated the Information Privacy: Connected Devices bill, which obliges manufacturers to ensure that the products they make have stronger security built in, whether that includes a password or log-in mechanism which sees users creating their own pass codes when they first start using the device.

The bill also enables customers to sue for damages if they incur harm should a company not comply with the legal changes. As reported on technology website, The Register, Kieren McCarthy described the bill as a “huge step forward”, but also added that it represented a “massive missed opportunity.”

McCarthy points to the issue of devices which are not compatible with being updated, and how this creates a bigger problem than easy-to-guess passwords.

“New security holes are being discovered all the time and they typically take advantage of the various authentication systems that exist in such products but which are invisible to consumers,” McCarthy says.

He also advocates the inclusion of further clauses in Californian law to force manufacturers to take a broader approach to the data security issue to narrow the options open to nefarious parties online.

So often these days, hackers can easily get into our electronic gadgets around the home because the passwords are so easy to work out.

Twitter, Spotify and Reddit were among platforms taken offline in 2016 owing to an attack of this nature, the perpetrators of the crime taking advantage of the inefficacy of passwords that guarded large domestic networks of connected devices.

Currently, attention has turned to the 500,000 household gadgets coming under attack from VPNFilter, a malware virus that hits domestic routers.


The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.

Pre-registration for DPWF 2019 will be opening in the coming weeks.

https://www.dataprotectionworldforum.com/