As a manufacturer of internet connected devices, we take customer security very seriously. California has become the first state with a cybersecurity law called SB-327 that requires "A manufacturer of a connected device shall equip the device with a reasonable security feature or features...".
Our IP products have always been protected with a username and password. However, the default combination used during initial webpage setup is basic and straightforward for user convenience and ease of testing. These settings are published in our literature and could be known to many, perhaps even someone with malicious intent.
There has always been the option to change these defaults. We recommended this, but it was not required. To fully comply with the intent of SB-327, our products will now require the user to change the default password during initial setup. When the user first logs in and configures the device, the user will not be allowed to save the settings until a new password has been created. This password must meet the minimum acceptable requirements of at least eight characters in length (without blank spaces), at least one numeric value, and at least one letter. If the user presses the unit's IP reset button, the device will return to the factory default IP settings, username and password. When reconfiguring the device, a new compliant password will again be required.
Products providing this added level of security include: BASrouter, BASrouterLX, EIPR-E and EIPR-V.
These changes enhance the overall security of our IP products. If you have any questions about these changes, please contact technical support.