Britain bans simple passwords for smart devices


Internet-connected smart devices will soon be required to meet minimum security standards by law in the UK.

Manufacturers have been banned from using weak default passwords such as “123456” or “admin” for devices with internet or network connectivity, under the world’s first such legislation, which came into force on Monday (April 29th).

The law will apply to devices ranging from smartphones and TVs to game consoles and smart fridges. The government said that it hoped the new rules would help protect consumers against hacking and cyberattacks.

It said it would also prevent threats like the Mirai attack in 2016, which saw 300,000 smart devices compromised due to weak security features and used to attack major internet platforms and services, resulting in an internet blackout in much of the US East Coast.

The new legislation was necessary as “the threats generated by the internet multiply and become even greater,” according to Viscount Camrose, the minister responsible for cybersecurity.

An investigation by Which?, a consumer rights group, found that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.

In addition to banning easily guessable default passwords, the law will also require manufacturers to publish contact details to deal with bugs and issues and to inform consumers of the minimum time they can expect to receive important security updates.

Sarah Lyons, deputy director for economy and society at the National Cyber Security Centre, described the legislation as a “landmark” act that will help consumers make informed decisions about the security of products they buy.

“Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import, or distribute provide ongoing protection against cyberattacks,” Lyons said.

According to the annual ranking compiled by cybersecurity firm NordPass, “123456” and “admin” are two of the world’s most commonly used passwords. Both can be cracked in less than a second, and the same is true for passwords like “1234” or “password.”
