"Raspberry Pi Ditches Default Logins to Boost Security"

The developers behind Raspberry Pi have enhanced security by removing the default login. A senior principal software engineer explained that users were previously able to keep the default username “pi.” They could also skip the setup wizard that asked them to choose a new password on start-up, which left them with the default password “raspberry.” This made such devices easier for attackers to guess or brute-force. Under the new setup procedure, the default “pi” user is being removed, and customers will need to choose a new username on initial boot. The start-up wizard will also be mandatory, forcing them to choose a new password before they can use the device. A recent honeypot-based study conducted by Bulletproof claimed that the login combination of “pi” and “raspberry” was among the most popular used by malicious bots trying to access devices set up by the researchers. The Bulletproof researchers stated that Raspberry Pis connected to a corporate network could therefore represent a weak link in the cybersecurity chain. They found well over 200,000 machines on the internet running the standard Raspberry Pi OS, a sizable number of systems that could be compromised.

 

Infosecurity reports: "Raspberry Pi Ditches Default Logins to Boost Security"

Submitted by Anonymous on