Raspberry Pi Foundation removes default user ‘Pi’ from Raspberry Pi OS – Computer – News

Raspberry Pi OS will no longer ship with the default user ‘Pi’. Its presence can make it easier to brute forceattack an installation of the OS. Such default credentials are also prohibited on internet devices.

Instead of the default user in the system should now give the Raspberry Pi OS the opportunity to create a user from scratch. This is possible regardless of what form the installation takes. If you go for a standard install, you will see a wizard during the first boot-up that facilitates this.

Anyone who installs Pi OS Lite will also receive a prompt for this, albeit a graphically less impressive one. Who with a headless Pi will be able to determine its username in the Raspberry Pi Imager, or manually with a text file that has to be pasted in with a username and encrypted password.

Finally, if you are motivated by this change to rename the Pi user in your existing installation, you can do that as well, with effect from this new version. It has no version number, but a date: 2022-04-04.

The reason an installation of this OS is more vulnerable to a default username attack is that if the attacker is going to “guess” the credentials, he or she already knows the username. That’s half of the credentials needed to get in.

The Raspberry Pi makers also report that with this new update it is no longer necessary to use USB mice and keyboards to connect Bluetooth mice and keyboards. On the first page of the installation wizard, if it allows, the Pi will pairing mode to go. It will automatically pair with the first mouse and keyboard it finds.

–