New IoT Security Laws Seek to Protect Consumers From Hacks of Internet-Connected Devices – CPO Magazine
So did the new California law on consumer IoT security go far enough? Critics say that the new IoT cybersecurity law essentially just aimed for the lowest-hanging fruit possible (default passwords), and then contained a vague phrase (“reasonable security feature”) that could be interpreted in a large number of ways by any device manufacturer. Plus, as some critics have pointed out, there are some authentication steps that are not password-reliant that also use default settings, and these would seemingly not be covered by the California law.