Goodbye 1234: UK and US lawmakers are considering enacting a law to restrict the use of overly – easy passwords

New proposals that have reached the legislature in the UK and US will try to outlaw the use of silly passwords on smart devices. The main reason: an attempt to protect consumers and punish companies that do not take the field of cyber security and user privacy seriously.

A new law that the British government is trying to pass is trying to put an end to the eternal slogan 1234 and other slogans that are too easy to guess on smart devices. The petition on behalf of the Association for the Security of Smart Communications Products in the country. The proposal has not yet officially become law, but the situation is expected to change soon after discussions on the issue are completed.

At first glance, this seems to be a minor issue that should not get all the way to the legislature’s table, but recent publications suggest that this is a bill that was formulated over the years but was published publicly this month for the first time. The law will be implemented and enforced in cooperation with the Security Infrastructure Association and it will operate on several levels.

The first would be a total ban on passwords that are analyzed as weak. Instead, the association will help develop a technological aid that will offer stronger passwords that will be unique and universal. In addition, the law will require companies that have suffered serious security breaches to report the strength of users ‘passwords and publish regular information about users’ information vulnerability and privacy in the product or website.

Finally, consumers will receive regular security updates and updates on products, applications or sites that are considered unsafe to use and prone to hacking by hackers.

“One of the things that most significantly facilitates hacking into devices and services widely is overly easy passwords. Most people choose an easy-to-guess password and use it in almost any service they have and on several devices at the same time,” explains George Papamgritis, chairman of cyber security company Obrela.

“This legislation is significant because it defines in law the need for stronger passwords and it protects consumers and users. But beyond that, it encourages manufacturers to produce more reliable and secure products before they put them on the market,” he adds.

The products that the law will apply to are routers, security cameras, game consoles, smart TVs, smart speakers, baby monitors, electronic doorbells and door cameras and of course smartphones. Surprisingly, the law will not apply to laptops, medical devices or smartwatches that have become increasingly common in recent years and contain a great deal of personal information.

This is an initial step in a broader reform that is expected to start in the field of smart devices and mainly affect the sellers of the devices and their importers. Similar reforms have also been proposed in the US and are currently in advanced proceedings.

“Governments all over the world claim that they do not see improvement in terms of regulation and there is more and more calamity when it comes to cyber security. The new law is a crucial sign of the desire for change in the market. There are studies conducted Cyber ​​security and customers are not even aware of it, “explains David Rogers, CEO of GSM and an expert in cyber security, ransomware and cyber fraud.

“It’s shocking and I have no doubt that these studies point to a much more prevalent trend. It’s just the tip of the iceberg. What does this say about these companies and how much are they really able to protect their customers and their products? These are points for thought and there is no doubt the law is a first stop “But there is still a long way to go.”

 

By Editor

Leave a Reply