If there is one outfit taking cybersecurity at its most seriously, it is the UK government. In 2024, a new version of the Product Security and Telecommunications Infrastructure Act (PTSI, is the first of its kind to outlaw certain long-used password types.
As of April 29th, 2024, the new requirements enforce that every manufacturer, importer, or distributor of smart devices in the UK includes a randomized password or generated password upon setup.
No More Easy Pass
The initial password can no longer be as simple as ‘password’ or any variation. It can also not have a relation to public information in an obvious way. Devices will now have a simple mechanism that enables users to change their password regularly. With this new set of regulations, all devices will have significant protection measures against any brute-force cybersecurity access attacks.
Many cybersecurity consultants and cybersecurity businesses agree that these measures are long overdue and a step in the right direction. This act will lead to implications for tech companies worldwide combining hardware and software in their products.
New Password Laws
As the first country to introduce such laws, the UK has put responsibility at the heart of product development and manufacturing to better protect consumers against growing cybercriminals who aim to hack their devices.
Devices such as smartphones, consoles, and IoT appliances have seen rising cybercriminal targeting, and the new provisions will make the attempts much harder to impossible to perform against unsuspecting buyers. Manufacturers will now be prohibited from using weak, easy-to-guess passwords like ‘admin’ or ‘12345’.
If a common password exists, all users will be instructed to change it before any startup is performed. Along with this setting, manufacturers will now publish contact details to report any security vulnerabilities and provide transparency on timeframes for critical security updates to all devices.
From this point, all retailers and manufacturers must inform consumers about the expected duration of security updates for smart devices, and any products that violate these new regulations can be reported to the OPSS by consumers.
Difficult for Hackers
The weak password ban and improved communication on security updates will make hacking of exploited vulnerabilities in smart devices very difficult. The UK government hopes that increased transparency across the security measures will make consumers feel more secure and confident about the smart products they buy.
As of 2024, all smart TVs, doorbells, CCTV cameras, monitors, streaming devices, and fitness trackers (as well as all other smart technology) will have these laws in effect. Any company violating these laws could face fines of up to $12.5 million, alongside recalls of their products and a percentage of their global revenues.
If hackers gain access to one device via a weak password, the potential to access other accounts is high due to the use of the same password. That can include access to every smart device within a home.
UK homes filled with smart devices can be exposed to over 12,000 hacking attempts within a week. It takes only one to be successful. A weak password amounts to around three thousand cybersecurity hacking attempts.
Would you like to know more about upcoming internet security conferences and talks on cybersecurity at cybersecurity events London? Look for upcoming cybersecurity events UK and learn more about the future of cybersecurity awareness and regulation.
About Author
