Raspberry Pi OS Loses Default ‘Pi’ User for Security

Today the official Raspberry Pi blog released a post detailing changes from the latest update to Raspberry Pi OS Bullseye. The biggest change is in the user account creation process which will no longer feature a default username, adding an extra layer of security for users by providing them an opportunity to create a custom username from the start.

The Raspberry Pi is known for being fairly easy for newcomers to set up, aided in part by the default username ‘pi’. However, by implementing a consistent username for each new user, this ensured a small fraction of users would use the Pi without changing the value to something unique. The use of a single username for many users could make it easier for bad actors to get into Pi hardware. This small change takes one step away from any would-be hackers.

This change also involves implementing new setup steps for fresh operating system installs. From now on, when users flash a microSD card with a fresh instance of Raspberry Pi OS, they will be prompted by the setup wizard with a blank field to create their own username.

This new setup wizard is no longer an optional step. A user account must be created in order for the desktop to load so until a username is specified, users cannot use the Pi. The blog post indicates the new setup wizard process will instead take place in its own dedicated environment.

In addition to the new account creation process, the Raspberry Pi Imager has a new tool that saves makers a few steps when setting up Raspberry Pi OS—especially for headless setups. The new feature provides fields for users to specify a username, password and any network settings before the OS is installed.

Both the Raspberry Pi Imager and newly updated OS image can be downloaded over at the Raspberry Pi OS downloads page. To get a closer look at the changes and see what else is new, check out the original post on the official Raspberry Pi blog.