Raspberry Pi OS no longer defaults to user “pi”

Up until now, all installs of Raspberry Pi OS have had a default user called pi". This isn't that much of a weakness - just knowing a valid user name doesn't really help much if someone wants to hack into your system; they would also need to know your password, and you'd need to have enabled some form of remote access in the first place. But nonetheless, it could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials.

So with this latest release, the default pi" user is being removed, and instead you will create a user the first time you boot a newly-flashed Raspberry Pi OS image. This is in line with the way most operating systems work nowadays, and, while it may cause a few issues where software (and documentation) assumes the existence of the pi" user, it feels like a sensible change to make at this point.

This is a pretty substantial change that might break some applications that assume the default pi" user exists.