UK password crackdown

Do you use admin, 12345, liverpool, arsenal, chelsea or password in your login details? Well, you might be surprised to learn that some of them are no longer allowed following a UK password crackdown. Recently, the UK became the first country in the world to make laws against having simple passwords for internet-connected devices. 

What are the new password changes?

EM360 explains that these changes come “as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which aims to protect consumers from hackers who exploit easily guessable passwords by forcing them to strengthen their security settings to prevent cybercrime and account theft. It means that manufacturers’ technologies such as smartphones, TVs and smart home devices are now legally required to protect internet-connected devices against access by cybercriminals, with users prompted to change any common passwords.” This new law is already in effect. Anyone who makes an internet-connected device for sale in the UK will need to put these security standards in place. Users will be prompted to change to a stronger password if they initially select a common one.

Why has this happened?

Sky News explains that nearly 60% of UK homes have a smart TV or other devices. So it’s no surprise that the time to plug these security risks is now. They state, “A home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with 2,684 attempts to guess weak passwords on five devices, according to an investigation by Which? [And] password managing website NordPass found the most commonly used passwords in the UK last year were 123456 and, believe it or not, password.” These are just too easy for hackers or algorithms to guess, and a compromised device could open up UK homes to serious security risks. So, the PSTI regime is keen to hold manufacturers to account and encourage homeowners and businesses to get more secure with their password selections. And the penalties aren’t small. Coro explains, “Companies violating the law could face fines of up to $12.5 million, recalls, or 4% of their global revenues.”

How to pick a secure password 

This change mostly impacts IoT device manufacturers today. However, it’s unlikely to be long before laws are put in place banning simple passwords internet-wide. Most websites will already prompt you to meet certain criteria for letters and numbers within your password. But, if you need a general understanding of password security for everyday use, here are some secure password tips:

  • Make it more than 10 characters long
  • Use a mix of numbers, letters, uppercase, lowercase and symbols
  • Ensure you can remember it, so you don’t have to write it down
  • Instead of one word and some symbols, string two or three words together
  • If you prefer, use a password manager to create and store the passwords for you. Then you only need to remember one login
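For teams building a device setup flow, the tips above can be turned into a check that prompts the user again when a weak password is chosen. The following is an added example, not code from the PSTI regime or any vendor. The blocklist is constructed from the passwords named in this article plus two assumed factory defaults, and the way the rules are combined (three character types or a multi-word passphrase) is a choice made for this example.

```python
import re

# Constructed blocklist: passwords named in this article, plus "root" and
# "default" as assumed factory defaults. A real product needs a far larger list.
COMMON_PASSWORDS = {"admin", "12345", "123456", "password", "liverpool",
                    "arsenal", "chelsea", "root", "default"}
MIN_LENGTH = 11  # "more than 10 characters"

def _core(lowered):
    """Strip leading/trailing digits and symbols so 'password123!' maps to 'password'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

def check_password(password):
    """Return a list of problem codes; an empty list means the password is accepted."""
    problems = []
    lowered = password.lower()
    # A common word padded with digits passes a length rule, so test the core too.
    if lowered in COMMON_PASSWORDS or _core(lowered) in COMMON_PASSWORDS:
        problems.append("common")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    classes = sum(bool(re.search(p, password)) for p in patterns)
    words = [w for w in re.split(r"[^A-Za-z]+", password) if len(w) >= 3]
    # Accept either a mix of character types or two or more words strung together.
    if classes < 3 and len(words) < 2:
        problems.append("low_variety")
    return problems

def setup_flow(attempts):
    """Simulate first-boot setup: keep prompting until an attempt is accepted.

    Returns (accepted_password_or_None, number_of_rejected_attempts).
    """
    rejected = 0
    for attempt in attempts:
        if not check_password(attempt):
            return attempt, rejected
        rejected += 1
    return None, rejected

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["admin", "Liverpool2024!", "aaaaaaaaaaaa", "correct-horse-battery"]:
        print(pw, "->", check_password(pw) or "accepted")
```

Note that "Liverpool2024!" is long and mixes character types yet is still rejected, because removing the padding leaves a blocklisted word.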

Get more tips on mitigating IT risk here. Or, if you want support to understand how to make the necessary changes in your organisation to ensure you’re in compliance with the UK password crackdown, please get in touch. We’ll support you with recommendations, best practices and rollout across your entire operation. This will ensure you don’t run afoul of these new laws.