Industry News

Government proposes new cyber security law on passwords

It’s a smart world full of smart devices. But are we humans smart enough?

When you buy a new internet device (whether that is a smart speaker, a thermostat, a security camera or a smart TV), it is likely that cyber security won’t be your first thought. But the device will have been pre-loaded with a password by the manufacturer, and that is something you need to think about.

Usually that password will be something relatively simple, and one of a few dozen common passwords. Quite often these intended-to-be-temporary passwords are never reset by the purchaser once the product is up and running within their system.

Cyber security ‘break ins’

The UK government is concerned that, as a consequence, cyber-attackers can very easily break in ‘behind the scenes’ of these devices to steal sensitive personal data. In extreme cases cyber-attackers may also spy on users and even take control of the products themselves.

As a consequence, new suggestions regarding passwords have been put forward by the UK government, ahead of its proposed cyber-security bill.
The main suggestion is that internet-connected gadgets will have to be sold with a unique pre-set password per device – or will require the owner to set one before use.

Manufacturers may face having to recall non-compliant products – and they could also be fined under the proposed idea should it become law. Courts would also be able to order that the manufacturer’s products be confiscated or destroyed.


The government is looking for feedback from consumer groups and tech industry experts so it can shape the final legislation. Other proposals include manufacturers detailing the minimum amount of time they’ll provide security updates for a device after it has been purchased.

Change your password!

Matt Warman, the current Minister for Digital Infrastructure, said that until the proposed legislations passes, UK households should check whether they had changed the ‘default’ manufacturer’s passwords on all of their internet-linked devices.

In addition to the other forms of security compromise exploited by cyber-attackers, they can hijack the devices so that they can stage ‘follow-up attacks’, (known as a “botnet”). In 2016 the Mirai botnet, made up of approaching a million hacked internet products, targeted Reddit, Spotify and Twitter and other services. Flooded with data, the services had to go offline.

If the government’s proposals are given the Parliamentary nod and get through the legislative process, the new law could be enforced as early as 2021 or 2022.

Ebuyer stocks a range of smart devices. They are extremely useful devices to help make life so much easier. But we would encourage you to check that you have replaced / changed the pre-set password when you purchase and install a smart device into your home set-up. If you haven’t do it right away!

Click to comment

Leave a Reply

Your email address will not be published.

Most Popular

To Top