The United Kingdom banned the use of weak default passwords, such as “1234” or “admin”, on all devices connected to the internet. The measure aims to ensure that manufacturers comply with minimum standards of protection against cyber threats and hacking to guarantee the safety of users.
Inside of the Telecommunications Infrastructure and Product Security bill (PSTI), the United Kingdom proposed in 2021 to prohibit the use of universal default passwords on connected devices, including those of the Internet of Things (IoT).
Meanwhile, this Monday new regulations designed to comply with consumer protection against hacking and cyber attacks have come into effect, which require connected smart devices to meet “minimum security standards” established by law.
One of the regulations prohibits manufacturers from implementing weak and easy-to-guess default passwords in products connected to the Internet, according to the Department of Science, Innovation and Technology in a statement on the Government website.
This means that They will not be able to use passwords such as “1234” or “Admin” on devices with an internet connection, including everything from smartphones to tablets, televisions, speakers, smartwatches, video game consoles and even connected refrigerators. If a commonly used password is being used, the regulations indicate that the user will be prompted to change it when logging in.
In addition to promoting the protection of people, society and the economy from possible cyberattacks, the authorities pointed out that they also seek to increase consumer confidence in the safety of the products they buy and use.
99 per cent of UK adults own at least one smart device, while households in the country have an average of nine connected devices.
Smart devices that are part of a home can be exposed to more than 12,000 hacking attacks from all over the world in a single week, among which there are 2,684 aimed at cracking weak passwords, according to a study by Which? cited by the British government.
The new regulations also introduce other security protections, such as requiring manufacturers to publish contact details so that users and companies can be informed to fix bugs and problems.
Manufacturers and retailers will also need to be upfront with consumers about the minimum amount of time it can take to receive important security updates on connected smart devices. In addition to all this, consumers and cybersecurity experts can also report any product that does not meet the standards set in the regulations to the Office of Product Standards and Safety (OPSS).
