New Devices May Not Use Default Passwords

You know how, when you buy a new router to set up a home network, it comes with a default password like ‘Admin,’ which you have to remember to change?

If you don’t, you run the risk of having your new network breached with ease.

Good news, that’s a step closer to going away.

There’s a move afoot by legislators in the UK that will ban such passwords, and force IoT device manufacturers to tell their customers exactly how long their products will receive security updates, and note that this specifically includes smartphones.

Ian Levy, a technical director at the National Cyber Security Centre (NCSC) had this to say about the proposed legislation:

“Consumers are increasingly reliant on connected products at work and at home. The COVID-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.

To protect consumers and build trust across the sector, it is vital that manufacturers take responsibility and pay attention to these proposals now.”

This is fantastic news, and while there’s no firm timetable on when the newly proposed law will make its way through both chambers of the UK’s Parliament, there’s a broad base of support for the legislation and insiders give it an excellent chance of becoming law.

When that happens, you can bet that politicians in the rest of Europe and in the United States will begin taking a very close look at it, its effectiveness and its potential pitfalls. Kudos to the Brits for leading the charge here. Legislation is long overdue to help shore up security where IoT devices are concerned, and this is certainly a powerful step in the right direction. We look forward to seeing the final shape and form of the law.