Comment on No more 12345: devices with weak passwords to be banned in UK
timlyo@kbin.earth 5 months ago
Brands have to publish contact details so that bugs and issues can be reported, and must be transparent about timings of security updates.
The non headline part of the law sounds great to me.
TheGrandNagus@lemmy.world 5 months ago
Yeah I read the headline and thought what, then read the article and it actually seems pretty reasonable.
RGB3x3@lemmy.world 5 months ago
Is it really on the device manufacturer that people don’t change the default password? That’s advice that’s been around so long and it’s the first thing they tell you in computer training.
Default passwords have their use cases for testing, ease of set-up, and for device recovery.
TheGrandNagus@lemmy.world 5 months ago
Yes, it should be. Sending someone a device with usr/pwd as admin/admin, for example, is completely reckless if it doesn’t prompt the user to change it during setup.
You shouldn’t need specialist training to use basic home products, and you shouldn’t have extremely compromised security in the event of you not being technically-minded.
Plenty of products have protections in place designed to protect users in the realistic event that not everything will be used flawlessly 100% of the time.
PCs aren’t shipped to you with always-on root-level access, gas hobs often have features to turn themselves off if they detect they’ve not been ignited, cars have all kinds of safety features, pills come in pop-packs to discourage taking a load at once by swigging a bottle, etc.