Raspberry Pi OS Ditches the Default User Account in Favor of a Smart New First-Boot Wizard
Designed to solve the security problem of a default account with a preset password, the first-boot wizard enforces new account creation.
Raspberry Pi OS, the Linux distribution specifically built for the eponymous range of single-board computers and systems-on-modules, is receiving the biggest shift to the way it operates yet — in order to close a long-standing security hole.
"Up until now, all installs of Raspberry Pi OS have had a default user called 'pi,'" Raspberry Pi's Simon Long explains. "This isn’t that much of a weakness — just knowing a valid user name doesn’t really help much if someone wants to hack into your system; they would also need to know your password, and you’d need to have enabled some form of remote access in the first place. But nonetheless, it could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials."
In its earliest incarnations, the default user was more of a problem: The operating system ships with the password set to "raspberry," giving a would-be attacker both of the things they need. The addition of a first-use wizard helped with that, encouraging a user to assign the account a new password — but the latest builds of Raspberry Pi OS go a stage further, by removing the user account altogether.
"With this latest release, the default 'pi' user is being removed, and instead you will create a user the first time you boot a newly-flashed Raspberry Pi OS image," Long explains. "This is in line with the way most operating systems work nowadays, and, while it may cause a few issues where software (and documentation) assumes the existence of the 'pi' user, it feels like a sensible change to make at this point."
The move comes with a revamp to the first-boot wizard: What was once optional is now mandatory, and enforces the creation of a user account with a brand-new name and password. Those who run Raspberry Pi OS Lite, meanwhile, will receive a similar prompt at the console on first boot, while headless users can make use of the pre-configuration functionality in Raspberry Pi Imager or create a user configuration file in the /boot partition.
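As an added example (not from the article or from Raspberry Pi), this shell script stages the headless user configuration file on a mounted boot partition and refuses weak or malformed input. The file name `userconf.txt`, its one-line `username:hash` format and the `openssl passwd -6` hashing step are assumptions drawn from Raspberry Pi's documentation rather than from this page; the name policy and function names are the example's own.

```shell
#!/bin/sh
# Added example: stage the headless user configuration file on a mounted boot partition.
# Assumptions (not in the article): file name userconf.txt, content "username:crypt-hash".
LC_ALL=C; export LC_ALL
NL='
'

# Example policy: refuse the old default name, root, and anything but a plain lowercase name.
valid_username() {
    case "$1" in
        pi|root|"")    return 1 ;;   # old default account, root, empty
        *[!a-z0-9_-]*) return 1 ;;   # outside the allowed set (also blocks ':' and newlines)
        [!a-z_]*)      return 1 ;;   # must start with a letter or underscore
    esac
    [ "${#1}" -le 32 ]
}

# Accept only a single-line SHA-512 crypt(3) string, so plaintext never reaches the card.
valid_hash() {
    case "$1" in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Hash a password read from stdin; argv would expose it in the process list.
hash_password() {
    openssl passwd -6 -stdin
}

# write_userconf BOOT_DIR USERNAME HASH: validate, then write BOOT_DIR/userconf.txt
write_userconf() {
    [ -d "$1" ]         || { echo "no such directory: $1" >&2; return 1; }
    valid_username "$2" || { echo "rejected username: $2" >&2; return 1; }
    valid_hash "$3"     || { echo "not a SHA-512 crypt hash" >&2; return 1; }
    ( umask 077 && printf '%s:%s\n' "$2" "$3" > "$1/userconf.txt" )
}

# Usage: printf '%s' 'a long passphrase' | sh stage-user.sh /path/to/boot alice
if [ "$#" -eq 2 ]; then
    write_userconf "$1" "$2" "$(hash_password)"
fi
```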
More details on the change, including how to load the new-user wizard on existing Raspberry Pi OS Bullseye installations, can be found on the Raspberry Pi blog.