New UK Law To Eradicate Weak Passwords

Here we look at the new UK cybersecurity law that will ban device manufacturers from having weak, easily guessable default passwords, thereby providing extra protection against hacking and cyber-attacks. 

The Problem 

With 99 per cent of UK adults owning at least one smart device and UK households owning an average of nine connected devices, but with a home’s smart devices potentially being exposed to more than 12,000 hacking attacks in a single week (Which?), the UK government has decided that protective, proactive action is needed. It’s long been known that easy-to-guess default passwords (like ‘admin’ or ‘12345) in new devices and IoT devices have provided access for cybercriminals. An example (from the US) is the 2016 Mirai attack which led to 300,000 smart products being compromised due to weak security features as well as major internet platforms and services being attacked and much of the US East Coast being left without internet.