In the UK, an amendment to the Devices and Communications Security Act has come into force, prohibiting suppliers of devices with internet or intranet connectivity from setting standard, lightweight default passwords such as admin or 1234.
A manufacturer wishing to supply goods for sale in the UK will need to ensure that a random password is generated when the appliance is first turned on.
The fine for violating the law is up to £10 million or up to 4% of the offender’s global income.
The law covers not only devices directly related to communication, such as routers or wifi repeaters, but also any household appliance connected to the Internet, from a smart TV to a kettle, air conditioner and vacuum cleaner.