The UK has banned the use of weak default passwords, such as ‘1234’ or ‘Admin’, on internet-connected devices, to ensure that manufacturers meet minimum protection standards against cyber threats and hacking, as well as to ensure user security.
The UK proposed in 2021, in the Telecommunications Products and Infrastructure Security (PSTI) Bill, to ban the use of universal default passwords on connected devices, including the Internet of Things (IoT).
New regulations designed to address consumer protection against hacking and cyberattacks came into effect this Monday, requiring connected smart devices to meet “minimum security standards” set by law.
One such regulation prohibits manufacturers from implementing weak and easy-to-guess default passwords on Internet-connected products, as explained by the Department of Science, Innovation and Technology in a statement on the Government’s website.
From cellphones to internet-connected refrigerators
This means they won’t be able to use passwords like ‘1234’ or ‘Admin’ on devices that have an internet connection, such as smartphones, tablets, televisions, speakers, smartwatches, video game consoles, or even connected refrigerators. And if a commonly used password is used, regulations indicate that users will be required to change it when logging in.
This aims to increase the protection of society and the economy from possible cybercriminals, as well as to increase consumer confidence in the safety of the products they buy and use.
The new law, which came into effect this Monday, aims to improve cyber resilience in the country, where 99% of adults own at least one smart device and there are an average of nine connected devices in the home.
12,000 attacks in one week
Smart devices that are part of the home can be exposed to more than 12,000 hacking attacks from around the world in one week. In total, 2,684 were aimed at trying to guess weak passwords, according to a study conducted by Which? quoted by the Government.
This law is part of the Telecommunication Products and Infrastructure Security (PSTI) regime, which is designed to increase the country’s resilience to cyber attacks and ensure that “malicious interventions” do not impact the global economy.
Additionally, this regulation introduces other security protections, such as an obligation for manufacturers to publish contact information so that users and companies can report errors and problems and have them resolved.
Manufacturers and retailers must also inform consumers of the minimum length of time for which connected smart devices will receive critical security updates.
Consumers and cybersecurity experts can also report any products that do not meet the standards set out in the regulations to the Office of Product Standards and Safety (OPSS).