• uriel238@lemmy.blahaj.zone
    2 months ago

    I assumed each device would be programmed with the top 5,000 most common passwords which it would refuse.

    And the device would nag the administrator to change the password away from the default as soon as possible, please.

  • alb_004@lemm.eeOP
    2 months ago

    How do they know what password we use in our device? Do they scan our device without our permission?

    • Zikeji@programming.dev
      2 months ago

      The law is for devices that come out of the box with a weak default. Like buying a wifi hotspot where the default is “admin123” would be bad. The default being random and printed on a label in the device is probably what this is aiming to usher in.

      • metaStatic@kbin.social
        2 months ago

        It’s been a very long time since I’ve seen a default that wasn’t random or a unique passphrase.

    • it3agle@lemm.ee
      2 months ago

      It’s for manufacturer passwords, not ones set by users.

      The legislation is to help regulate the manufacturers of IoT devices, not the users themselves.

    • drkt@lemmy.dbzer0.com
      2 months ago

      That’s not what this law is about, but yes actually they do!

      I’m not even in the UK and my domains get hit by UK authorities that claim to be scanning for vulnerabilities.

    • Th4tGuyII@kbin.social
      2 months ago

      From what I see on the article, it looks like it mostly applies to manufacturer set passwords - though it does look like the devices are now required to prompt the user if they try to set a weak or common password (though I can’t remember the last time I wasn’t prompted)

  • timlyo@kbin.earth
    2 months ago

    Brands have to publish contact details so that bugs and issues can be reported, and must be transparent about timings of security updates.

    The non headline part of the law sounds great to me.

  • AutoTL;DR@lemmings.worldB
    2 months ago

    This is the best summary I could come up with:


    Tech that comes with weak passwords such as “admin” or “12345” will be banned in the UK under new laws dictating that all smart devices must meet minimum security standards.

    It means manufacturers of phones, TVs and smart doorbells, among others, are now legally required to protect internet-connected devices against access by cybercriminals, with users prompted to change any common passwords.

    Rocio Concha, a director of policy and advocacy at Which?, said: “The OPSS [Office for Product Safety and Standards] must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases.”

    The science and technology minister, Jonathan Berry, said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.

    “From today, consumers will have greater peace of mind that their smart devices are protected from cybercriminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe.

    The laws are taking effect as part of the product security and telecommunications infrastructure (PSTI) regime, which aims to strengthen the UK’s resilience against cybercrime.


    The original article contains 350 words, the summary contains 223 words. Saved 36%. I’m a bot and I’m open source!

  • oo1@kbin.social
    2 months ago

    I wonder about Raspberry Pi - it’s the image you download that has the known user and password.
    It might mean that you can’t sell one with a pre-imaged, pre-installed SD card unless you customised the image.

  • wewbull@feddit.uk
    2 months ago

    I hope when they say TVs, they don’t mean the parental controls pin.

    In fact… What password is needed on a TV?

  • ColeSloth@discuss.tchncs.de
    2 months ago

    I like the easy default passwords for when I’m setting stuff up. If the end user doesn’t change it, that’s on them. This is one of those laws that just inconveniences the 90% to protect the lazy/stupid 10%.

    • hangonasecond@lemmy.world
      2 months ago

      I feel like there’s a level of easy that’s still secure. I used to be the kind of person who used the same password for everything. Now, I’ve changed that password on everything and I’m particular about using a password manager even for most local uses. But when I’m performing first-time setup, I use a variation on that easy-to-type, burned-into-my-brain old password. It’s not incredibly secure, but it’s not 4 digits or my birthday or anything of the like.