Since its launch, the Raspberry Pi OS (and most operating systems based on it) has shipped with a default “pi” user account, making it simpler to boot up a Pi and start working without needing to hook up the device to a monitor or go through a multi-step setup process. But as of today, that’s changing—new installs of the Raspberry Pi OS are shedding that default user account for both security and regulatory reasons.
Raspberry Pi Foundation software engineer Simon Long explains the thinking in this blog post.
“[The “pi” user account] could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials,” he writes.
Read 5 remaining paragraphs | Comments