Newcomer II

California passes law that bans default passwords in connected devices

No more "admin/admin" or "password/password". Enforcement and penalties are not mentioned.

https://techcrunch.com/2018/10/05/california-passes-law-that-bans-default-passwords-in-connected-dev...

2 Replies
Newcomer III

Re: California passes law that bans default passwords in connected devices

The next step should be to ban all the most popular passwords, à la 123456 and password123. Or defining a mandatory regex for passwords should be even easier.

Advocate I

Re: California passes law that bans default passwords in connected devices


@kpinkham wrote:

No more "admin/admin" or "password/password". Enforcement and penalties are not mentioned.

https://techcrunch.com/2018/10/05/california-passes-law-that-bans-default-passwords-in-connected-dev...


You can read the bill itself here:

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327

 

From the bill:

"(d) This title shall not apply to any connected device the functionality of which is subject to security requirements under federal law, regulations, or guidance promulgated by a federal agency pursuant to its regulatory enforcement authority."

My interpretation: This law does not apply to any government systems or critical infrastructure systems that have legal or regulatory security mandates, such as FISMA or RMF or CSF. 

 

"(e) This title shall not be construed to provide a basis for a private right of action. The Attorney General, a city attorney, a county counsel, or a district attorney shall have the exclusive authority to enforce this title."

My interpretation: (a) it is up to state or local prosecutors to enforce the law. It is not clear that they would do so by filing criminal charges or by civil suit, but I suspect the latter.

(b) no private or personal civil lawsuits can use this law as the basis for the suit.

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/