British bill wants to ban standard passwords

Admin or password – most people will know that standard passwords like these are not a safe bet. Anyone who puts a technical device into operation that is ultimately connected to the Internet in some way should change their password as quickly as possible. Whether laziness or ignorance, that is exactly what does not happen over and over again, and devices become easily accessible tools for attackers.

Great Britain now wants to put a legal stop to this loophole. Particularly gadgets related to the so-called “Internet of Things” are the target of the measure.

The one with the title “Product Security and Telecommunications Infrastructure Bill” (PSTI) presented to Parliament would require ambiguous passwords for devices that have an Internet connection or that can be networked with multiple other devices. It should also not be possible to reset the password to the general factory settings. Desktop and laptop computers are excluded from the regulation, “as there is a mature market for antivirus software for them”, as well as used goods.

Toys, smartphones or televisions: companies would be held accountable here. Those who do not adhere to the safety standards face fines of up to ten million pounds or four percent of the company’s global sales. Monitoring is to be carried out by an authority that has not yet been designated in detail. In addition, manufacturers would have to indicate when products need security updates or patches at the point of purchase.

According to the bill’s presentation, four out of five providers of networkable products would not take adequate security measures. Anyone who does not take appropriate measures must communicate this transparently to their customers. For example, devices that do not meet the standards may not be sold in retail stores.

UK Minister for Media, Data and Digital Infrastructure, Julia Lopez, said: “Most of us assume that a product for sale is safe. But many do not, which puts too many of us at risk of fraud and theft ”.

The aim of the new regulation is to create “a firewall around everyday technical devices” and to protect consumers. According to forecasts, the number of Internet-enabled devices would grow to 50 billion worldwide by 2030. The British National Cyber ​​Security Center speaks of an “unprecedented” number of cyber incidents that were dealt with in 2020.

The new law is therefore also intended to counteract an overload of the authorities – and accordingly adds further points to the password and update regulations. Companies not only have to document their security measures, they are also obliged in the future to “set up a public contact point to make it easier for security researchers and other people to report weaknesses and errors in products”. In addition to the manufacturers, shops and online trading should also be included in the law and held accountable.