New law banning some passwords in the U.K. an ‘important start,’ expert says

The United Kingdom is the first country to roll out a law banning generic passwords on smart devices. One tech analyst says this is a great start, but the onus is on device owners.

Amid growing global cybersecurity threats, a tech expert is saying the United Kingdom is getting it mostly right with a new law.

The country is the first in the world to ban generic passwords on new smart devices.

“The manufacturer under this law, when you buy (a smart device), they will not be allowed to just simply assign a password that’s really easy to guess, like admin, or 12345 or, my favourite, password, and then just leave it at,” said Carmi Levy, a technology analyst, journalist and author.

“Survey after survey shows that the vast majority of us never bother changing those default passwords. So assign a harder password, then force us to change it as soon as we get it. That’s the new law,” he said.

Levy noted he expects other countries, including Canada, to follow suit soon.

But, there’s a bit of a catch. It doesn’t seem to include apps or online services, he said, and may also comfort smart-device owners into a sort of apathy.

“This is certainly an important start,” he said. But, “we seem to believe that the government can magically craft a law and we’ll all be protected. In fact, the opposite can be true, because we think that because this new law is in place we are somehow safer, so we let our guard down in other respects,” Levy said, adding this makes online users more vulnerable to attacks.

“We have a role to play no matter where we live. Don’t just rely on government. At the end of the day, the rubber hits the road with us,” he said.