Usually, an impact study is made before such type of laws are made:
- if this law is enacted, how much will it cost to the manufacturers to update their factory settings?
- how will this be impacted on the device cost in the UK compared to other markets?
- how many users will get stuck when losing the unique ID of the device, what are the recovery procedures, how costly is it to end users?
- how many users will be protected by the measure and what cost for society does it represent?
- how many users will set a dumb password anyhow and what is the cost for society?
I’d be curious to see the impact study, as many of those are actually botched.
Most routers already have non-standard passwords by default. At least in EU. I’m not sure which devices besides routers and IoT peripherals are affected by this bill.
All of them I’ve seen do use non-standard passwords for the web access portion, however it’s been a mixed bag for the admin controls on the router OS itself. It’s often just admin/admin.
Which is crazy. I could, if I were inclined, log into the router in someone’s house/business if they haven’t changed the admin password, but they have provided me with a password to access the web. Most people don’t bother changing the admin password.
a user set weak password is infinitly more strong than a known default.
admin
adminThat makes a strong password a million times infinite strong.