In Short
- Weak passwords are now banned in the United Kingdom.
- This law is a response to past cyber attacks.
- It sets a standard for cybersecurity in IoT devices.
The United Kingdom has banned the use of weak passwords. The measure is meant to improve cyber security by removing guessable passwords from Internet of Things (IoT) devices.
This action is part of the PSTI (Product Security & Telecommunications Infrastructure) Act and of the UK's product security rules, which aim to enhance the security of consumer products.
The law states that consumer internet-connected products must be secure. Each product must have a unique password, and the password must not be guessable. Manufacturers can also let users create their own passwords.
This law is a response to past cyber attacks. For example, the Mirai botnet attack in 2016 used default passwords to cause big problems. The UK wants to stop such threats and make its national cybersecurity stronger.
The PSTI Act also says manufacturers must tell people about their products’ security. They must say how long the devices will get security updates. They must also tell users how to report security problems. This helps people know more about what they buy.
The OPSS (Office for Product Safety and Standards) will check whether companies follow these rules.
High fines have been set for companies that do not follow the rules. The fine can exceed £10 million, or it can be as much as 4% of the company’s turnover. The company has to pay whichever amount is larger.
This new law is a big deal. It sets a standard for cybersecurity in IoT devices. It also shows that the UK is leading in this area. Other places like the European Union and the United States are thinking about doing the same. But they haven’t done as much as the UK yet.