Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Technology
Guardian staff and agency

No more 12345: devices with weak passwords to be banned in UK

Password box on a screen
It is hoped the new measures will help give customers confidence in buying and using internet-connected products. Photograph: RayaHristova/Getty Images/iStockphoto

Tech that comes with weak passwords such as “admin” or “12345” will be banned in the UK under new laws dictating that all smart devices must meet minimum security standards.

Measures to protect consumers from hacking and cyber-attacks come into effect on Monday, the Department for Science, Innovation and Technology said.

It means manufacturers of phones, TVs and smart doorbells, among others, are now legally required to protect internet-connected devices against access by cybercriminals, with users prompted to change any common passwords.

Brands have to publish contact details so that bugs and issues can be reported, and must be transparent about timings of security updates.

It is hoped the new measures will help give customers confidence in buying and using products at a time when consumers and businesses have come under attack from hackers at a soaring rate.

The consumer champion Which? said it had been instrumental in pushing for the new measures and it welcomed the changes.

Rocio Concha, a director of policy and advocacy at Which?, said: “The OPSS [Office for Product Safety and Standards] must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases.”

The science and technology minister, Jonathan Berry, said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.

“From today, consumers will have greater peace of mind that their smart devices are protected from cybercriminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe. We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”

The laws are taking effect as part of the product security and telecommunications infrastructure (PSTI) regime, which aims to strengthen the UK’s resilience against cybercrime.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.