A simple update for the official Raspberry Pi OS closes off a potentially serious cybersecurity hole.
The official Raspberry Pi OS has received an update that should shut off a cybersecurity weakness that has existed for a number of years. As announced in a blog post (opens in new tab) from the Raspberry Pi Foundation, the operating system will no longer set “pi” as the default username at setup, thereby adding an additional layer of friction to potential password -stuffing attacks. Instead, users will be asked to create a custom username when a newly-flashed Raspberry Pi OS image is booted for the first time. According to Simon Long, who heads up user experience at Raspberry Pi, the decision to change the default username system is a sensible one, based on a weighing up of risk and reward.
