The UK is doing away with bad default passwords. With updates to the country’s Product Security and Telecommunications Infrastructure Act (PSTI) that came into force today, regulators say that tech gadgets that can connect to the internet or a local wired network must either have a unique default password or be definable by the person who owns it.
Under the update, manufacturers will have to make it easy for people to report security issues. The PSTI also now requires them to give clear expectations for when those filing the reports can expect acknowledgment and status updates afterward. Violations of the law can result in fines as high as £10 million (about $12.5 million USD) or 4 percent of their “qualifying worldwide revenue,”…
