Conveniently, the Raspberry Pi creates a default user when Raspbian is first installed. The default username is
pi and the password is
raspberry. While this makes it easy for new users to get started with the Pi, the device is now vulnerable once it is exposed to the public internet. Below are steps to fix this vulnerability and secure the Pi on its first boot.
Startup the Pi
Login using default username and password
Create a new user and grant superuser privileges
$ sudo adduser <username>
Grant superuser privileges to the new user.
This will allow the new user to use the sudo command
$ sudo adduser <username> sudo
Alternatively, you can use this command if the above does not work:
$ sudo usermod -a -G sudo <username>
Logout of the default account and login with the new username
You will be returned to the login screen where you can login as the new user.
Delete the default user
$ sudo deluser -remove-home pi
Update the system
$ sudo apt-get update
$ sudo apt-get upgrade