UK bans device passwords that are easy to guess
The UK has become the first country to block manufacturers from using easy-to-guess passwords as the default on devices.
Under the new Product Security and Telecommunications Infrastructure act, passwords such as ‘admin’ and ‘123456’ will be banned. It’s common for manufacturers to use these when making devices.
Users can change them to something harder, but many don’t know how to, or even that they should.
The law aims to improve the security of home devices that connect to the internet, including routers, baby monitors, TVS, video doorbells and voice-controlled speakers. These ‘smart’ devices are often called the ‘Internet of Things’.
Hackers know that such devices often come with simple default passwords, making it easy for them to launch attacks that infiltrate home networks and steal personal information.
As well as banning simple passwords, the law requires manufacturers to give customers clear instructions on how to report flaws and security problems.
They must also tell customers how long their device will receive support, including software updates. Manufacturers failing to meet these requirements face fines up to £10 million or four per cent of worldwide revenue, whichever is higher.
Retailers will distribute leaflets in stores to explain the new law and give reasons why it’s vital to use smart devices that protect against cyber attacks.
Government ministers called the laws a “world first” and said they’d bring “peace of mind” to consumers.
The Department for Science, Innovation and Technology said the law needed to be toughened because UK homes now contain an average of nine devices that connect to the internet.
The law applies to UK manufacturers and international firms that import their goods or sell them in the UK. Visit GOV.UK for details and advice: www. snipca.com/50327.