Default passwords for smart home devices and wireless routers should be strengthened to comply with new cybersecurity laws in both cases. UK and EU …
When you buy a smart home device – or even something as important as a wireless router – it often comes “out of the box” with a pre-configured password, and that password is often ridiculously weak. For example, some routers come with the name ‘admin’ preset for both username and password.
It will no longer be legal in Europe after the UK and EU passed separate cybersecurity laws.
The Record reports on the legislation UK.
On Monday, the UK became the first country in the world to ban default guessing names users and passwords for these IoT devices. The default unique passwords are still allowed.
The Product Security and Telecommunications Infrastructure Act of 2022 (PSTI) introduces new minimum security standards for manufacturers and requires those companies to be transparent with consumers about how long their products will receive security updates for […]
According to PSTI, weak or easy-to-guess default passwords such as “admin” or “12345” are explicitly prohibited, and manufacturers are also required to publish contact information so users can report bugs.
Products , which do not comply with the rules may be withdrawn, and responsible companies face a maximum fine of £10 million ($12.53 million) or 4% of their global revenue, whichever is higher.
The EU Cyber Resilience Act (CRA) has not yet come into force, but will include a similar requirement to improve security by default.
The purpose of the CRA is to protect consumers and businesses who purchase or use products or software with a digital component. Under the Act, inadequate security features will become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with these protections extending throughout the product's life cycle.
The latter is expected to come into effect effective later this year.
There is nothing similar in the US yet, but global brands will likely apply the same standards to their products sold around the world.
Photo by Sebastian Scholz (Nuki) on Unsplash
