UK to ban “default” passwords for IoT devices

British parliamentarians intend to radically solve the problem of weak non-unique passwords. A draft law was presented in local parliament this week to prohibit manufacturers from assigning “default” universal passwords to IoT electronics.

Image source: TheDigitalArtist /

Image source: TheDigitalArtist /

The law, called the Product and Telecommunications Infrastructure Security (PSTI) Bill, mandates unique passwords for devices that connect to the Internet. In this case, it will be impossible to reset them to the universal factory settings. In addition, companies will be required to more transparently cover cases when their electronics require security updates – according to available statistics, only 20% of manufacturers adhere to such a policy.

One of the British regulators will monitor compliance with the law, and the punishment for violating it will be quite tangible, approximately equivalent to $ 13 million or 4% of the global annual business turnover.

According to a 2020 report from Symantec, 55% of the attacked IoT devices used the password 123456, and another 3% used the password admin. Moreover, such electronics are generally quite unsafe: according to Palo Alto Networks, 98% of the traffic of such devices is transmitted through unsecured connections.

Over time, things only get worse as smart home products gain popularity and prices drop. According to some estimates, the number of such devices will exceed 20 billion by 2030, and this is already leading to an increase in the number of attacks. According to Kaspersky Labs, in the first half of 2021, there were 1.5 billion attacks on IoT devices, twice as many as in the same period in 2020.

Other countries can learn from the UK experience as well. Similar laws are already trying to be applied in the United States, but there we are talking only about companies dealing with government contracts. The British bill will affect many more manufacturers and provide a clearly defined “whip” to enforce it.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment