Password Security: Why the UK is Banning Generic Passwords
May 17
Lev Lesokhin Lev Lesokhin is an experienced business technologist, a former software developer, consultant, and tech executive. Having started his career at MITRE, Lev has had many touch-points with cybersecurity thought leaders over the years. In his current role as OutThink's Executive Vice President for Technology and Analytics, he works with customers and industry leaders to build a quantitative framework for evolving security awareness into human risk management.
What is the UK’s New Password Security Law?
The cyber landscape is always changing as hackers find new ways to access information. In response to growing concerns around password security, the United Kingdom has taken a monumental step forward in cybersecurity by implementing a groundbreaking law that prohibits generic passwords on smart devices. This landmark legislation, aimed at protecting consumers from cyber attacks, sets a precedent for the rest of the world to follow. By mandating minimum security standards for manufacturers, the UK government aims to fortify its resilience against cyber threats while fostering consumer confidence in smart products. The British are setting a new benchmark for password security in smart devices, one that may inspire other countries to adopt similar measures, further protecting consumers from the risks associated with weak or default passwords.
As part of the official announcement from the UK government, the law mandates that manufacturers eliminate easily guessable default passwords like “admin” or “12345” on all new smart devices. This reform also requires manufacturers to be transparent about how long their devices will receive security updates, providing consumers with the information they need to make secure purchasing decisions. Manufacturers who fail to comply with these requirements may face substantial penalties, underscoring the importance of robust password security standards.
Why Strong, Unique Passwords Are Essential for Password Security
As the threat landscape evolves, traditional password-based authentication methods have become increasingly vulnerable to exploitation. The reliance on easily guessable passwords creates significant security loopholes, leaving individuals and organizations susceptible to cyber attacks.
But what does a strong password look like? Many of us use passwords that are easy to remember, but that often means it’s easy for someone else to guess them too. Generally speaking, passwords are exponentially harder to crack the longer they are and the more character types they contain. But there’s a little more to it than that.
Weak passwords are still a leading cause of unauthorized access, largely due to their lack of complexity and predictability. Think of a weak password as a “frail lock on a door”—it provides minimal security and can be easily bypassed by methods like brute force or dictionary attacks. Short passwords, sequential numbers, and repeated characters are especially vulnerable, making them prime targets for cyberattacks.
How to Create Strong Passwords That Protect You
Creating strong passwords is one of the most effective ways to enhance password security and protect personal information. Let’s say you create a password with 10 characters and use lower and uppercase letters, numerals, and symbols. You might think of a word you’ll easily remember, capitalize the first letter, add a numeral, and end with a symbol. Let’s imagine your password is “Computer3!”. This password may seem robust enough, but it isn’t. A hacker could easily break it by combining a dictionary attack with the detection of common patterns, like capitalizing the first letter.
A strong password shouldn’t just be sufficiently long and alphanumeric. It also needs to be unique. A longer and more complex password is practically impossible for a hacker to break. A completely random string of 10 to 12 characters might take a few weeks for a supercomputer to crack. Adding just a couple more characters can turn that into centuries.
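The gap between how strong “Computer3!” looks and how strong it is can be measured. The following is an added example, not part of the original article: a small strength estimator that compares naive brute-force work with the work needed once the "word, digits, symbol" habit is recognised. The word list, the dictionary size of 100,000 and the function names are assumptions made for illustration.

```python
import math
import re

# Constructed mini word list; a real policy check would load a large dictionary.
WORDS = {"computer", "password", "summer", "dragon", "welcome"}
SYMBOL_COUNT = 33  # printable ASCII characters that are not letters or digits

# Habit described in the article: a word, then 1-4 digits, then one symbol.
PATTERN = re.compile(r"^([A-Za-z]+)(\d{1,4})([^A-Za-z0-9])$")

def charset_size(pw):
    """Alphabet size a naive brute-force search would have to cover."""
    size = 0
    if re.search(r"[a-z]", pw): size += 26
    if re.search(r"[A-Z]", pw): size += 26
    if re.search(r"\d", pw): size += 10
    if re.search(r"[^A-Za-z0-9]", pw): size += SYMBOL_COUNT
    return size

def brute_force_bits(pw):
    """Bits of work if every character were chosen at random."""
    return len(pw) * math.log2(charset_size(pw))

def pattern_bits(pw, dictionary_size):
    """Bits of work if pw follows word+digits+symbol, else None."""
    m = PATTERN.match(pw)
    if not m:
        return None
    word, digits, _symbol = m.groups()
    if word.lower() not in WORDS:
        return None
    if not (word.islower() or word == word.capitalize()):
        return None
    # words x (lowercase or Capitalised) x digit strings x trailing symbols
    candidates = dictionary_size * 2 * 10 ** len(digits) * SYMBOL_COUNT
    return math.log2(candidates)

def assess(pw, dictionary_size=100_000):  # dictionary size is an assumption
    pb = pattern_bits(pw, dictionary_size)
    return {
        "brute_force_bits": round(brute_force_bits(pw), 1),
        "pattern_bits": None if pb is None else round(pb, 1),
        "weak_pattern": pb is not None,
    }

if __name__ == "__main__":
    for candidate in ("Computer3!", "q7#Lw2!vXp"):  # second value is constructed
        print(candidate, assess(candidate))
```

For “Computer3!” the pattern-aware estimate is about 26 bits against roughly 66 bits for naive brute force, and each extra random character adds about 6.6 bits.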
Practical Tips for Improving Password Security
Here’s a list of essential tips for keeping your passwords safe:
Don’t share passwords, even with your colleagues or superiors.
Create long and complex passwords that aren’t based on dictionary words.
Never write passwords down on sticky notes or anywhere else they might be misplaced.
Avoid saving login credentials on devices that other people have access to.
Use a password manager to simplify security and boost productivity.
What’s Next for Password Security? A Global Trend?
As security professionals, we applaud the UK’s bold initiative to ban generic passwords on smart devices and join other cybersecurity experts in urging other nations to follow suit. By prioritizing password security and embracing cutting-edge technologies, we can build a safer, more resilient digital future for all.
Follow OutThink on LinkedIn for more expert tips, updates, and insights to stay ahead of evolving cyber threats.