Raspberry Pi devices just got a basic upgrade that should have happened ages ago
Raspberry Pi OS gets a simple but effective update
The official Raspberry Pi OS has received an update that should shut off a cybersecurity weakness that has existed for a number of years.
As announced in a blog post from the Raspberry Pi Foundation, the operating system will no longer set “pi” as the default username at setup, thereby adding an additional layer of friction to potential password-stuffing attacks.
Instead, users will be asked to create a custom username when a newly-flashed Raspberry Pi OS image is booted for the first time.
Raspberry Pi update
According to Simon Long, who heads up user experience at Raspberry Pi, the decision to change the default username system is a sensible one, based on a weighing up of risk and reward.
“Over the years, we have gradually ramped up the security of Raspberry Pi OS; not in response to particular threats, but more as a general precaution,” he explained. “There is always a balance to be struck, however, as security improvements usually carry a cost in terms of usability, and we have tried to keep the system as convenient to use as possible, while having an acceptable level of security.”
“Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system. But nonetheless, it could potentially make a brute-force attack slightly easier.”
Long also noted that some countries are beginning to introduce legislation that outlaws internet-connected devices with default login credentials. The arrival of the new system, then, will ensure Raspberry Pi doesn’t have to worry about falling foul of new rulings.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As part of the update, the organization has also introduced a mechanism for changing the username on existing installations, by typing “sudo rename-user” into a new terminal window. Doing so will reboot the device into a wizard that allows for a new username to be created, allowing existing customers to benefit from the security upgrade.
The new Raspberry Pi OS image is available now via the official download page.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.