Electronic devices connected to the internet will be prohibited by law from having weak default passwords such as “admin” or “123456” in the United Kingdom under new laws that dictate that all smart devices must meet minimum security standards. These measures came into force yesterday, according to the Department of Science, Innovation and Technology, and reported by the British newspaper The Guardian. This is the first initiative of its kind worldwide.
This means that manufacturers of phones, televisions and smart appliances, among others, will now be legally required to protect internet-connected devices from access by cybercriminals. Furthermore, in the event that a user wants to use a password considered weak when creating a new account on one of these devices, the software installed by the manufacturer will have to prevent this.
According to a study by password management website NordPass, the 10 most used passwords in the United Kingdom are: 123456, password , QWERTY, Liverpool, 123456789, arsenal, 12345678, 12345, abc123 and Chelsea.
In this sense, Rocío Concha, director of policy and promotion of the consumer advocacy organization Which?, said that “the OPSS (Office of Standards and Product Safety, for its acronym in English) must provide the industry with guidance clear and be prepared to take strict action against manufacturers if they break the law.”
Precisely a study by Which? revealed that a British home is exposed to around 12,000 hacking attacks from around the world in a single week, with 2,684 attempts to guess weak passwords on at least five devices. Also according to another recent study, 99% of adults in the United Kingdom own at least one smart device and households in this country have an average of nine connected devices. In addition, 57% of households own a smart TV, 53% a voice assistant, and 49% a smartwatch or fitness bracelet.
For his part, the British Minister of Science and Technology, Jonathan Berry, stated that, “as everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater. Starting today, consumers will have greater peace of mind knowing their smart devices are protected from cybercriminals.”
The authorities hope that with this new legal measure, consumers will gain confidence in the purchase and use of products connected to the network, at a time when attacks on consumers and companies by hackers are growing at a dizzying pace. These measures are part of the British government's National Cyber Strategy, endowed with 2,600 million pounds sterling (3,044 million euros).
It should be remembered that in December 2023, a parliamentary report said that Great Britain was vulnerable to a large-scale cyber attack due to a lack of planning and investment to deal with it. Already then, Margaret Beckett, president of the committee that prepared said report, stated that “the United Kingdom has the dubious distinction of being one of the most cyber-attacked nations in the world. “It is clear to the committee that the investment and government response to this threat is not equally successful globally, leaving us exposed to catastrophic costs and destabilizing political interference.”
