Starting yesterday, April 29, 2024, the Great Britain it is the first country in the world that will ban “password predefinite“, considered too simple and therefore easy to violate.
This is a systems initiative IoT (Internet of Things), come smart TV or similar devices, which aims to limit global risks regarding increasingly aggressive malware operations.
The initiative is aimed at avoiding cases like what happened with Mirai. The malware in question, in 2016, began exploiting IoT devices to create a huge botnetin turn used to direct DDoS attacks targeted. The key to Mirai’s success, in fact, was precisely the widespread use of overly simple passwords such as “admin” e “12345“.
The law we are talking about concerns the default settings of marketed hardware products. Companies, therefore, are now required to propose unique passwords at the time of sale, with a system that allows customers to promptly report any critical issues regarding safety.
Passwords too simple? Britain wants to avoid more cases like Mirai
Apparently, the UK has taken the issue seriously. Companies that do not comply with this policy, in fact, can be sanctioned with fines of up to 10 million pounds (approximately 11.7 million euros) or al 4% of their turnover world.
However, it should be noted that Great Britain is not the only country that is moving in this direction. In fact, even in the United States, work is underway to propose a certification (called US Cyber Trust Mark) in the context of IoT devices and default passwords.
Despite this, what happens in the United States is nothing more than a trademark applied to the packaging of the devices which, in fact, does not represent an obligation for the producers.
Also in Europethe issue is quite delicate: just take a look at the list of the most popular passwords to understand how high the risks are.