The United Kingdom has just implemented a law that will prevent obvious default passwords from being built into devices. A breakthrough for security intended to be replicated elsewhere?
The world of the internet is a dangerous world, where many hackers are watching for the slightest opportunity to cause damage, as we saw again recently after the attack targeting the Cannes hospital. So, to avoid making the task of these hackers easier, Internet users are often reminded of the need to have a strong password, or even double authentication. And to obtain better results, the law begins to impose constraints. And it starts in the United Kingdom.
New security standards
The new version of the Product Security and Telecommunications Infrastructure Act (PTSI) brings some interesting changes to the UK. Because this law regulating objects connected to the internet now prohibits manufacturers from producing passwords and identifiers that are too obvious.
This means that purchased devices will no longer be able to offer extremely popular identifiers like “admin”, “password” or “12345”. Identifiers produced from this type of database are also banned (exit “password1” or “password19”). However, unique default identifiers will always be possible.
Measures that will one day apply throughout Europe?
And offenders face fines for non-compliance with these new rules. They could thus be fined up to 10 million pounds (or approximately 11.68 million euros) or 4% of their overall annual turnover, with the judge having to choose the higher amount.
And the British legislator is not the only one to think about such measures. The Cyber Resilience Act (CRA), which is currently being discussed at the European Union level, will contain similar provisions, which will therefore one day be effective here. Except that we will have to wait a few more years, its implementation not being expected before 2027.
Source : Ars Technica, The Record
4