Overly simple passwords now outlawed

A recent Act of Parliament has resulted in simple passwords not being accepted on many technology devices.

Research shows that weak passwords, which do little to prevent unauthorised access, are a pervasive problem in technology. A 2023 report from proprietary password manager NordPass found that the world’s most often used passwords are “1234” and “Password”.

Another easy-to-crack password in use is “qwerty”, which according to the UK’s National Cyber Security Centre (NCSC) is responsible for nearly four million account breaches online.

However, weak credentials are used not only by company employees, but also by technology manufacturers that ship products with a simple password that grants access.

In reaction, the UK Government legislated against using simple passwords via its 2022 Product Security and Telecommunications Infrastructure (PSTI) Act.

It gave hardware and software manufacturers and developers a grace period of two years, but as of May this year, the new law is in place. As a result, from a commercial and corporate perspective, the age of the basic password is no more.

The aim of the government’s PSTI Act is to implement long-agreed proposals to improve resilience against cybercriminal activity in the UK. To achieve this, it will enforce stricter security standards for software developers and device makers, and issue fines for non-compliance with the legislation.

Default passwords such as “admin” and “12345”, previously deployed as standard on IT resources and solutions, are now banned, and technology developers must ensure that new users are always prompted to replace pre-existing passwords before use.