No more 12345: devices with weak passwords to be banned in UK
No more 12345: devices with weak passwords to be banned in UK
Makers of phones, TVs and smart doorbells legally required to protect devices against access by cybercriminals
You're viewing a single thread.
How they know what password we use in our device ? Do they scan our device without our permission ?
The law is for devices that come out of the box with a weak default. Like buying a wifi hotspot where the default is "admin123" would be bad. The default being random and printed on a label in the device is probably what this is aiming to usher in.
it's been a very long time since I've seen a default that wasn't random or a unique pass phrase
They still exist. But even with generated passwords: stolen/identified as weak initial password generation algos aren't exactly unheard of. How about forcing users to change the initial password on first use?
Did you really just share an article without actually reading it?
It's for manufacturer passwords, not ones set by users.
The legislation is to help regulate the manufacturers of IoT devices, not the users themselves.
Probably just default passwords
From what I see on the article, it looks like it mostly applies to manufacturer set passwords - though it does look like the devices are now required to prompt the user if they try to set a weak or common password (though I can't remember the last time I wasn't prompted)
No, others do that for them: insecam.org
That's not what this law is about, but yes actually they do!
I'm not even in the UK and my domains get hit by UK authorities that claim to be scanning for vulnerabilities
Nah they scan your brain
🤔