Raspberry Pi devices just got a basic upgrade that should have happened ages ago
Raspberry Pi OS gets a simple but effective update
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The officialRaspberry Pi OShas received an update that should shut off acybersecurityweakness that has existed for a number of years.
As announced in ablog postfrom the Raspberry Pi Foundation, theoperating systemwill no longer set “pi” as the default username at setup, thereby adding an additional layer of friction to potentialpassword-stuffing attacks.
Instead, users will be asked to create a custom username when a newly-flashed Raspberry Pi OS image is booted for the first time.
Raspberry Pi update
According to Simon Long, who heads up user experience at Raspberry Pi, the decision to change the default username system is a sensible one, based on a weighing up of risk and reward.
“Over the years, we have gradually ramped up the security of Raspberry Pi OS; not in response to particular threats, but more as a general precaution,” he explained. “There is always a balance to be struck, however, as security improvements usually carry a cost in terms of usability, and we have tried to keep the system as convenient to use as possible, while having an acceptable level of security.”
“Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system. But nonetheless, it could potentially make a brute-force attack slightly easier.”
Can’t get hold of a shiny new Raspberry Pi? Here’s why>Mysterious new Raspberry Pi alternative is the size of an SD card>This is the year I conquer the Raspberry Pi
Long also noted that some countries are beginning to introduce legislation that outlaws internet-connected devices with default login credentials. The arrival of the new system, then, will ensure Raspberry Pi doesn’t have to worry about falling foul of new rulings.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As part of the update, the organization has also introduced a mechanism for changing the username on existing installations, by typing “sudo rename-user” into a new terminal window. Doing so will reboot the device into a wizard that allows for a new username to be created, allowing existing customers to benefit from the security upgrade.
The new Raspberry Pi OS image is available now via theofficial download page.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
7 myths about email security everyone should stop believing
Your doctor may have an AI assistant taking notes during your next Zoom call
