U.S. first IoT cybersecurity law due to come into force in California on January 1st, 2020. Manufacturers of internet-connected devices will either have to ensure that each device comes equipped with a unique preprogrammed password, or require users to generate their own new means of authentication (ie choosing a password) before access is granted to the device for the first time. The infamous Mirai malware recruited a zombie army of IoT devices using a list of 60 common factory default usernames and passwords in 2016.”]