simonwood,

In the UK from today “manufacturers of phones, TVs and smart doorbells, among others, are now legally required [to prompt users] to change any common passwords.” https://www.theguardian.com/technology/2024/apr/29/devices-with-weak-passwords-to-be-banned-uk

LoneLocust,

@simonwood So does this mean that the manufacturers need to know what the users’ passwords are so they can tell them to change them?

simonwood,

@LoneLocust I presume it could be the device rather than the manufacturer, though obviously I’d rather they insisted on that.

LoneLocust,

@simonwood Who decides what a commonly-used password is? Is the UK keeping an official list?

I understand that there are ways to validate passwords against a list without necessarily sending the PW, but any system that finds a way to compare your passwords has some inherent vulnerabilities that could be catastrophic.

simonwood,

@LoneLocust 1Password literally has a feature that does this (it’s called Watchtower or some such - and not just common passwords, but it checks against leaked passwords).

LoneLocust,

@simonwood 1Password is also an ongoing service that you pay for, and the program has complete access to all your passwords.

How is the maker of a home router going to make sure that your password today or in 3 years isn’t commonly used?

5 years ago I imagine TaylorSwift wasn’t a common password, but I suspect it is today.

Weak passwords, sure.
Forcing that the default password is changed, sure.
“Common” passwords, how?

simonwood,

@LoneLocust Ok, looking at the legislation, I don’t think it’s nearly as ambitious as you think it is. (1/3)

simonwood,

But… 1Password has complete access to your passwords, sure. All of them. Fine. But the home router you mention - it can do the same thing with a list of 1, at least while the manufacturer is in business. Of course there’s a cost associated with that. But there’s also a cost associated with allowing unscrupulous manufacturers and hapless consumers to assemble giant botnets. (2/3)

simonwood,

It’s just that the manufacturers get away without paying the price and the consumers think they’re winning because their IoT tat costs peanuts.

So I think the legislation ought to do what you think it’s doing, and I wish it was. (3/3)
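
Added example, not written by anyone in the thread: one known way to check a password against a list without sending it is a hash-prefix (k-anonymity) range lookup, sketched here offline. `RangeServer`, `is_listed` and the sample list are hypothetical names and constructed data; the list holder only ever sees the first five hex characters of a SHA-1 hash.

```python
import hashlib

# Constructed sample standing in for a list of common or leaked passwords.
SAMPLE_LIST = ["123456", "password", "admin", "qwerty", "letmein"]
PREFIX_LEN = 5  # hex characters revealed to the list holder (20 bits)


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """List holder: indexes hashes by prefix, answers with matching suffixes."""

    def __init__(self, passwords):
        self.index = {}
        self.seen = []  # everything this side ever learns from clients
        for pw in passwords:
            h = sha1_hex(pw)
            self.index.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])

    def query(self, prefix: str) -> set:
        if len(prefix) != PREFIX_LEN:
            raise ValueError("prefix must be exactly %d hex chars" % PREFIX_LEN)
        self.seen.append(prefix)
        return self.index.get(prefix, set())


def is_listed(password: str, server: RangeServer) -> bool:
    """Client side: hash locally, send the prefix, compare suffixes locally."""
    h = sha1_hex(password)
    suffixes = server.query(h[:PREFIX_LEN])
    return h[PREFIX_LEN:] in suffixes


if __name__ == "__main__":
    server = RangeServer(SAMPLE_LIST)
    for candidate in ["password", "TaylorSwift"]:
        print(candidate, "listed" if is_listed(candidate, server) else "not listed")
    # The residual exposure: 20 bits of the hash, shared by many other inputs.
    print("list holder saw:", server.seen)
```

The prefix is still a partial disclosure, and the result is only as current as the list behind it, which is the gap the thread points at for a device whose manufacturer stops maintaining one.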
