The UK has implemented a law prohibiting IoT manufacturers from setting weak default passwords like “admin” or “12345” to bolster cybersecurity. This move aims to avert incidents like the 2016 Mirai hack, where poor password security enabled a massive botnet attack. Manufacturers must now also disclose contact details for reporting issues and inform users about upcoming security updates. Non-compliance could lead to fines up to £10 million or 4% of global revenue. While the EU is considering similar legislation, the U.S. currently lacks specific provisions against weak default IoT passwords.
