dang, that new version of the Product Security and Telecommunications Infrastructure Act goes hard. you can no longer sell an IoT product in the UK if it doesn't have a secure password initialisation feature and the ability for users to change its passwords.
@gsuberland most of our customers install product behind firewall or air gapped. We find that most never change the default passwords and we've had that ability for 20 years. Some change the main account password but leave other accounts at default for lack of understanding. Basically the product is an industry staple and I doubt these rules will stop anyone from getting it. But there is likely some grandfather clause available.
I doubt that laws can eradicate stupidity.
Edited 199d ago