As a manufacturer of internet connected devices, we take customer security very seriously. California has just become the first state with an Internet of Things (IoT) cybersecurity law (called SB-327) requiring that "A manufacturer of a connected device shall equip the device with a reasonable security feature or features...". This law becomes effective January 1st of 2020.
Our IP products have always been protected with a user name and password. However, the default combination used during initial webpage setup is basic and straightforward for user convenience and ease of testing. These settings are published in our literature and could be known to many, perhaps even someone with malicious intent.
There has always been the option to change these defaults. We recommended this, but it was not required. However, beginning in January 2020, our products will now require the user to change the default password during initial setup. When the user first logs-in and configures the device, they will not be allowed to save the settings until a new password has been created. This password must meet the minimum acceptable requirements of at least eight characters in length (without blank spaces) with at least one numeric value and at least one letter. If the user presses the unit's IP reset button, the device will return to the factory default IP settings, username and password. When reconfiguring the device, a new password will be required.
We feel these changes will enhance the security of our products, meet the upcoming legal requirement, and provide the lowest impact to the user experience. The benefit of this cybersecurity update will be felt by customers everywhere.