New devises May Not Use Default Passwords. You know now, when you buy a new router to set up a home network, it comes with a default password like ‘Admin,’ which you have to remember to change? If you don’t, you run the risk of having your new network breached with ease.
Good news, that it’s a step closer to going away.
There’s a move afoot by legislators in the UK that will ban such default passwords and force IoT device manufacturers to tell their customers exactly how long their products will receive security updates, and note that this includes smartphones explicitly.
Ian Levy, a technical director at the National Cyber Security Centre (NCSC) had this to say about the proposed legislation:
“Consumers are increasingly reliant on connected products at work and home. The COVID-19 pandemic has only accelerated this trend, and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.
To protect consumers and build trust across the sector, manufacturers must take responsibility and pay attention to these proposals now.”
This is fantastic news, and while there’s no firm timetable on when the newly proposed law for default passwords will make its way through both chambers of the UK’s Parliament, there’s a broad base of support for the legislation. Insiders give it an excellent chance of becoming law.
When that happens, you can bet that politicians in the rest of Europe and the United States will begin taking a very close look at its effectiveness and potential pitfalls for default passwords. Kudos to the Brits for leading the charge here protecting default passwords.
Legislation is long overdue to help shore up security where IoT devices are concerned, and this is certainly a powerful step in the right direction.
We look forward to seeing the final shape and form of the law.