The state of California has passed new legislation aimed at improving security practices of connected device manufactures. The new law, SB-327 Information privacy: connected devices bill, will go into effect January 1, 2020,
This law will place new requirements on manufacturers of connected devices. While not requiring adherence to any specific security standards, the law requires manufacturers to equip the device with “reasonable” security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.
When it comes to passwords, the bill requires manufacturers to program their devices with unique default passwords and require the user to set up their own password when configuring the device.