Government moves to ban weak default passwords on IoT devices

Good. You wouldn’t expect your online banking to come with a default password of 123456 so why should your smart speaker/fridge/doorbell…?:

The government has revealed plans to ensure that all consumer smart devices in the UK adhere to a trio of rigorous security requirements.

Drawn up by the Department for Digital, Culture, Media and Sport (DCMS), the plans require that all “consumer internet-connected devices” have a unique password that cannot be reset to any universal factory setting.

The plans also require the manufacturers of Internet of Things (IoT) devices to provide a point of contact to which anyone can report a security vulnerability they discover, and to ensure that security problems are “acted on in a timely manner”.

The third security requirement would require IoT device manufacturers to explicitly state a minimum length of time from the point of sale, be it online or offline, that a device will receive security updates from the vendor.

[…]

Original article here