submitted 6 months ago by Emperor@feddit.uk to c/unitedkingdom@feddit.uk

Tech that comes with weak passwords such as “admin” or “12345” will be banned in the UK under new laws dictating that all smart devices must meet minimum security standards.

Measures to protect consumers from hacking and cyber-attacks come into effect on Monday, the Department for Science, Innovation and Technology said.

It means manufacturers of phones, TVs and smart doorbells, among others, are now legally required to protect internet-connected devices against access by cybercriminals, with users prompted to change any common passwords.

Brands have to publish contact details so that bugs and issues can be reported, and must be transparent about timings of security updates.

It is hoped the new measures will help give customers confidence in buying and using products at a time when consumers and businesses have come under attack from hackers at a soaring rate.

top 23 comments
[-] thehatfox@lemmy.world 27 points 6 months ago

Please let’s do the same for banking next. I’m tired of seeing maximum length limits on passwords, and SMS as the only option for 2FA.

It seems the UK’s high street banks aren’t going to upgrade or improve their aging systems unless forced.

[-] calcopiritus@lemmy.world 9 points 6 months ago

And that maximum length is... 6 characters. S I X

I have considerably more characters than 6 at Lloyds

[-] sunbeam60@lemmy.one 5 points 6 months ago* (last edited 6 months ago)

Banking security is so bloody awful it’s insane. I just want passkey support.

[-] SatansMaggotyCumFart@lemmy.world 23 points 6 months ago

The only password I use is password because everyone is told not to use it so no one would try it, right?

[-] LemoineFairclough@sh.itjust.works 20 points 6 months ago* (last edited 6 months ago)
[-] Glowstick@lemmy.world 7 points 6 months ago* (last edited 6 months ago)

That list is fascinating. abc123 is near the top, then like 10 more below that is a1b2c3, and then much further down is 123abc. What?

[-] magic_lobster_party@kbin.run 6 points 6 months ago

I guess people believe passwords that are awkward to type are somehow safer.

[-] Hossenfeffer@feddit.uk 5 points 6 months ago* (last edited 6 months ago)

Some systems require you to change your password periodically. What do you change to if your existing password was 'abc123'?

[-] Emperor@feddit.uk 10 points 6 months ago

That's genius. I'll just assume your PIN is 1234 and let you go on your way, nothing bad will happen.

[-] SatansMaggotyCumFart@lemmy.world 5 points 6 months ago

My pin is obviously 6969 because it’s fucking hilarious.

[-] Isoprenoid@programming.dev 10 points 6 months ago
[-] Emperor@feddit.uk 6 points 6 months ago* (last edited 6 months ago)

One friend admitted his PIN was 0071.

Another is a rabid Everton fan and his PIN is 1878 - the year the club was founded, so he probably doesn't change it. Worse though is that he painted his yard fence blue and wrote 1, 8, 7 and 8 on his fenceposts - I don't know many people who'd paint their PIN a foot high somewhere visible to his neighbours. He came over once so I could help him put a route on his bike's satnav but it needed a password. I didn't ask, I just typed "efc1878" and got straight in. He admitted that was his password on pretty much everything. The lesson - don't get sentimental with cyber security.

[-] eee@lemm.ee 8 points 6 months ago

So... Every new device will now have a default password of P@ssw0rd! I guess

[-] swearengen@sopuli.xyz 4 points 6 months ago

I've noticed routers in recent years have default passwords like "wristrhino040" printed on the sticker on the bottom. I suspect we'll see more of that.

[-] ReCursing@kbin.social 7 points 6 months ago

I mean the headline sounds good, but I don't trust this government not to actually make things worse somehow ~~(and I can't be arsed to read the article to find out how)~~

[-] sunbeam60@lemmy.one 6 points 6 months ago

Yeah. I’m sure the Chinese manufacturers will get on to this right after faking the CE markings. Any second now…

[-] cdf12345@lemm.ee 5 points 6 months ago
[-] TachyonTele@lemm.ee 12 points 6 months ago

That's way too short. You'll definitely need a better password than that.

[-] Deebster@programming.dev 11 points 6 months ago

Why? Unless you like breaking into other people's devices, this is good news.

[-] Swarfega@lemm.ee 2 points 6 months ago

Does that include cheap Bluetooth devices that need a password and use 0000?

[-] Flax_vert@feddit.uk 7 points 6 months ago

Probably internet stuff. Bluetooth isn't internet

[-] autotldr@lemmings.world 1 points 6 months ago

This is the best summary I could come up with:


Tech that comes with weak passwords such as “admin” or “12345” will be banned in the UK under new laws dictating that all smart devices must meet minimum security standards.

It means manufacturers of phones, TVs and smart doorbells, among others, are now legally required to protect internet-connected devices against access by cybercriminals, with users prompted to change any common passwords.

Rocio Concha, a director of policy and advocacy at Which?, said: “The OPSS [Office for Product Safety and Standards] must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases.”

The science and technology minister, Jonathan Berry, said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.

“From today, consumers will have greater peace of mind that their smart devices are protected from cybercriminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe.

The laws are taking effect as part of the product security and telecommunications infrastructure (PSTI) regime, which aims to strengthen the UK’s resilience against cybercrime.


The original article contains 350 words, the summary contains 223 words. Saved 36%. I'm a bot and I'm open source!

this post was submitted on 29 Apr 2024
97 points (98.0% liked)
