Raspberry Pi has made a change to its operating system Raspberry Pi OS that removes the default username and password.
Until now, the default username and password for the tiny computers has been respectively “pi” and “raspberry”, which made setting up a new Pi device simple but also potentially made the popular internet-connected devices easier for remote attackers to hack them through techniques like password spraying.
“Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system; they would also need to know your password, and you’d need to have enabled some form of remote access in the first place,” explains Simon Long, a senior engineer for Raspberry Pi Trading.
“But nonetheless, it could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials.”
The UK for example plans to introduce new regulation that stop makers of Internet of Things (IoT) devices from shipping them to consumers with default usernames and passwords. The UK’s National