The cyber landscape is always changing as hackers find new ways and forms to access information. In response to that, the United Kingdom has taken a monumental step forward in cybersecurity by implementing a groundbreaking law that prohibits generic passwords on smart devices. This landmark legislation, aimed at protecting consumers from cyber attacks, sets a precedent for the rest of the world to follow. By mandating minimum security standards for manufacturers, the UK government aims to fortify its resilience against cyber threats while fostering consumer confidence in smart products.
As the threat landscape evolves, traditional password-based authentication methods have become increasingly vulnerable to exploitation. The reliance on easily guessable passwords like ‘admin’ or ‘12345’ creates significant security loopholes, leaving individuals and organizations susceptible to cyber attacks.
But what does a strong password look like? Many of us use passwords that are easy to remember, but that often means it’s easy for someone else to guess them too. Generally speaking, passwords are exponentially harder to crack the longer they are and the more character types they contain. But there’s a little more to it than that.
Let’s say you create a password with 10 characters and use lower and uppercase letters, numerals, and symbols. You might think of a word you’ll easily remember, capitalize the first letter, add a numeral, and end with a symbol. Let’s imagine your password is Computer3! This password may seem robust enough, but it isn’t. A hacker could easily break it with a simple combination of a dictionary attack and by detecting common patterns, like capitalizing the first letter.
A strong password shouldn’t just be sufficiently long and alphanumeric. It also needs to be unique. A longer and more complex password is practically impossible for a hacker to break. A completely random string of 10/12 characters might take a few weeks for a supercomputer to crack. Adding just a couple more can turn that into centuries.
Why do you need unique passwords? Reusing passwords across multiple accounts is a common habit, and one of the harder ones to break. Attackers routinely take advantage of this risky behavior. If they can get their hands on one password, either via hacking or social engineering, they can easily access any other accounts using the same credentials.
Sometimes, victims don’t realize one of their accounts has been compromised until months or even years later. For example, a dormant account that the owner has long forgotten about might get hacked. The hacker then obtains the login credentials and attempts to use them on other popular sites until they get lucky. Eventually, the account they get into might be an online payment platform.
Creating unique passwords for all accounts that hold sensitive data might sound tiresome, but it’s essential for maintaining strong security. Fortunately, you can simplify matters by using single sign-on (SSO) and multifactor authentication. That way, you only need to sign in once to access all your online accounts, in much the same way a web browser remembers all your login credentials.
How do you keep your passwords safe? Let’s wrap up with some tips to help you keep yourself and those you work with safe:
- Don’t share passwords, even with your colleagues or superiors.
- Create long and complex passwords that aren’t based on dictionary words.
- Never write passwords down on sticky notes or anywhere else they might be misplaced.
- Avoid saving login credentials on devices that other people have access to.
- Use a password manager to simplify security and boost productivity.
As security professionals, we applaud the UK’s bold initiative to ban generic passwords on smart devices and urge other nations to follow suit. By prioritizing security and embracing cutting-edge technologies, we can build a safer, more resilient digital future for all.
