Raspberry Pi OS will no longer ship with the default user ‘pi’. Its presence can make it easier to perform a brute force attack on the ox. Some countries are also working on bans on such default credentials on internet devices.
Instead of the default user in the system should now give the Raspberry Pi OS the opportunity to create a user from scratch. This is possible regardless of what form the installation takes. If you go for a standard install, you will see a wizard during the first boot-up that facilitates this.
Those who install Pi OS Lite will also see a prompt for this, albeit a less impressive one graphically. Those working with a headless Pi will be able to set their username in the Raspberry Pi Imager, or manually with a text file into which a username and encrypted password must be pasted.
Finally, if you are motivated by this change to rename the pi-user in your existing installation, you can do that too, with effect from this new version. It has no version number, but a date: 2022-04-04.
The reason an installation of this OS is more vulnerable to a default username attack is that if the attacker is going to “guess” the credentials, he or she already knows the username. That’s half the credentials needed to get in.
The Raspberry Pi makers also report that with this new update it is no longer necessary to use USB mice and keyboards to connect Bluetooth mice and keyboards. On the first page of the installation wizard, the Pi will enter pairing mode if it is able to do so. It will automatically pair with the first mouse and keyboard it finds.