Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system; they would also need to know your password, and you’d need to have enabled some form of remote access in the first place. But nonetheless, it could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials.
So with this latest release, the default “pi” user is being removed, and instead you will create a user the first time you boot a newly-flashed Raspberry Pi OS image. This is in line with the way most operating systems work nowadays, and, while it may cause a few issues where software (and documentation) assumes the existence of the “pi” user, it feels like a sensible change to make at this point.
This is a pretty substantial change that might break some applications that assume the default “pi” user exists.
“Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system; they would also need to know your password,”
And, of course, they forced you to change the default password …
Oops.
A welcome change to those people who never touch their router’s admin/admin
bubi,
Yeah that’s crazy, I make sure to change mine to 12345 every time.
12345? That’s amazing! I have the same combination on my luggage!
Evil will always triumph because good is dumb.
I see your Schwartz is as big as mine.
Luggage, you have locks on your luggage?
I view this as purely a Good Thing and a long overdue correction.
Likely this change won’t affect any application. As applications packed by Debian don’t have an user “pi” hard coded. Maybe some script from the internet could be affected. But i guess if you are able to run a script from the internet then you will be fine. In regards to resolving the issue. Or you can always report a bug. In addition strong preset password/username for devices such as WiFi router are a good thing.