The UK prohibits the use of weaker passwords on connected devices

The UK has banned the use of weak default passwords, like ‘1234’ or ‘Admin’ on devices connected to the Internet, so that manufacturers meet minimum protection standards against cyber threats and computer hackingand guarantee user security.

The UK proposed in 2021, in the Telecommunications Products and Infrastructure Security (PSTI) Bill, to ban the use of universal default passwords on connected devices, including the Internet of Things (IoT).

New regulations designed to address consumer protection against hacking and cyberattacks came into effect this Monday, requiring connected smart devices to meet “minimum security standards” set by law.

«To protect yourself from cyber attacks, changing your password is not enough»

One such regulation prohibits manufacturers from implementing weak and easy-to-guess default passwords on Internet-connected products, as explained by the Department of Science, Innovation and Technology in a statement on the Government’s website.

This means they won’t be able to use passwords like ‘1234’ or ‘Admin’ on devices with an Internet connectionas well as smart phonetablets, televisions, speakers, smart watch, video game console, or even a connected refrigerator. And if a commonly used password is used, regulations indicate that users will be required to change it when logging in.

With that, The goal is to increase the protection of society, society and the economy from possible cybercriminals, as well as increase consumer confidence in the security of the products they buy and use.. The new law, which came into effect this Monday, aims to improve cyber resilience in the country, where 99 percent of adults own at least one smart device and there are an average of nine connected devices in the home.

Smart devices that are part of the home can be exposed to more than 12,000 hacking attacks from around the world in one week. In total, 2,684 were aimed at trying to guess weak passwords, according to a study conducted Which? quoted by the Government.

This law is part of the Telecommunication Products and Infrastructure Security (PSTI) regime, which is designed to increase the country’s resilience to cyber attacks and ensure that “malicious interventions” do not impact the global economy. Additionally, this regulation introduces other security protections, such as an obligation for manufacturers to publish contact information so that users and companies can be informed to resolve errors and problems.

Manufacturers and retailers must also inform consumers of the minimum amount of time required to receive critical security updates on connected smart devices. Additionally, consumers and cybersecurity experts can also report any products that do not meet the standards set out in the regulations to the Office of Product Standards and Safety (OPSS).

Roderick Gilbert

"Entrepreneur. Internet fanatic. Certified zombie scholar. Friendly troublemaker. Bacon expert."

Leave a Reply

Your email address will not be published. Required fields are marked *