UK becomes first country to ban default passwords on smart devices
(Baonghean.vn) - The UK National Cyber Security Centre (NCSC) has called on smart device manufacturers to comply with a new law that comes into effect on April 29, prohibiting the use of default passwords.
“The Product Security and Telecommunications Infrastructure (PSTI) Act will help consumers choose smart devices that are designed to provide ongoing protection against cyberattacks,” the NCSC said.
Accordingly, manufacturers are required to not provide devices with easily guessable default passwords, and must provide a contact point to report security issues and clearly state when their devices can expect to receive important security updates.
Easy-to-guess default passwords like “123456”, “password” or “admin” are not only easily found online, but also pose a vulnerability for attackers to break into devices for further exploitation.
However, the law still allows for the use of unique default passwords. A unique default password is a type of password that is pre-set for a specific device, but is not the same for all devices of the same type. In other words, each device has a unique default password that cannot be easily guessed or found online.
Using a unique default password increases the security of smart devices, as it reduces the risk of being attacked by hackers. Instead of using the same default password for multiple devices, each device has a unique password, making it more difficult to break into all of them at once.
However, it is important to note that a single default password is not a complete security solution. Users should still change the default password to a stronger, more personalized one after purchasing a new device.
The law, which aims to enforce a broad set of minimum security standards and prevent vulnerable devices from connecting to the internet, includes: smart speakers, smart TVs and streaming devices; smart doorbells, baby monitors and security cameras; mobile tablets, smartphones and game consoles; wearable health monitors (including smartwatches); smart home appliances (such as light bulbs, plugs, kettles, thermostats, ovens, refrigerators, vacuum cleaners and washing machines).
Companies that fail to comply with the terms of the PSTI law could face product recalls and monetary penalties, with fines of up to £10 million ($12.5 million) or 4% of their total global annual turnover, whichever is higher.
The development makes the UK the first country in the world to ban manufacturers from using default accounts and passwords on Internet of Things (IoT) devices.
As our lives become increasingly dependent on connected devices, the threats posed by the internet will only increase, so this new law will give consumers greater peace of mind that their smart devices are protected from cybercrime.
The UK Department for Science and Technology said the new regulations mark a significant leap forward towards a safer digital environment and the government is committed to making the UK the safest place in the world to be online.
The law applies not only to manufacturers but also to businesses importing technology products into the UK, including products such as smartphones, routers, security cameras, gaming consoles and home speakers, along with other internet-connected devices and toys.