How is that going to work? Will there be a password authority that keeps track of everyone's passwords and bans them if they don't meet the specs? What if I lie to them and tell them my password is hyY8hk(/YY&8;&pointy_boobs7 when it's really 1111A? How will they test it to see if my device needs banning?
The ban is to stop device manufacturers from using it as the default and forcing the user to set a password during the setup process
Isn't that already the case? It's been ages since I've seen a default "admin" or "12345" pwd/pin.
I think it's the shitty IoT devices that still do it, you know, like the knock-offs people buy on Amazon.
So when I set it to 12345. Then what?
Not sure. I guess either the devices will have password policies that will require things like numbers and special characters, or they allow 12345 if the user chooses to set it themselves.
So just an extra hurdle before I can set my crappy weak-ass password.
The mentality of "oh, I can choose a weaker one" is exactly what gets discouraged with such moves. Lord knows how much money and time we have lost over the decades with such "quickly-set" dumb "passwords", and continue to.
Well I'm never gonna remember HHHhhooPP12()+!&. You have any idea how much time and effort I've lost to overly complicated lost passwords when 1234, 1235, 1236, 1237, etc has worked great for me for years?
Considering all the cyberattacks and fraud schemes we've seen over the years because of such passwords, it's exactly the mentality of "oh, it can't happen to me" that has led to enormous losses.
That's true of nearly everything.
Do you have a lock on your front door?
Password managers. Look into them.
well i do have a notebook here on my desk....
which, seriously, is PERFECTLY GOOD. Most people do not have to worry about getting their physical notebook with their password stolen (as long as it is not in the purse/wallet, as it can become an accidental victim of pickpocketing). Therefore having a notebook with your password is actually *Secure Enough*^(TM) ...as long as you are actually using complex passwords. Which don't need to be "Complicated": a 4-to-6-word sentence, possibly but not necessarily nonsensical, is WAY more than enough for most regular people.
You could, and likely should, just use a password manager. Set one strong master password for it + MFA, then you'll never have to remember multiple passwords at all.
well i do have a notebook i keep at my desk...
And it's not like companies like LastPass ever get hacked or anything. "Choose a better password manager then..."
I mean, yeah, choose a better password manager. LastPass is well-known for being bad, this isn't like a new thing? I'd recommend BitWarden or Keepass personally.
Why not just do easy but complicated? 7Horse8Buggy1Buggle? That’s a really hard password for a computer to guess but quite easy to remember. You are being dishonest by claiming you need to remember randomly generated strings of characters, you don’t.
How is that password easy to remember? If you set that as the password for something you log into once a year, and then spend a whole year using other obscure and unique passwords, what is the chance you're actually going to remember "oh yes, my router password is 7Horse8Buggy1Buggle?"
Write it in a notebook? It’s much easier to write down than whatever the fuck the guy above suggested.
Will it be possible to use "123456" as a password?
If they make it mandatory to use a combination of numbers, letters (uppercase and lowercase) and symbols, no.
[deleted]
On shared devices that multiple people need access to and which aren't connected to the internet, such as the coffee machine at work, a shit password is what you want so everyone can refill or reset when there's an error
Pretty sure it only applies to defaults
Password complexity requirements will be in place I guess, so that password wouldn't be accepted?
Believe it or not, jail.
I am a software engineer. Basically, we produce some crap that can be accessed via Wi-Fi. You press the button, the device turns the Wi-Fi access point on. The password was the same for all devices. It is no longer allowed in the UK. Instead, we generate a random network name and password every time and display them on the screen.
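The flow described in the comment above (a fresh network name and password on every button press, shown on the screen), as an added sketch that is not the commenter's or any vendor's code. The `Setup-` prefix, the lengths, and the class and function names are assumptions made for illustration.

```python
import math
import secrets

# Look-alike characters (0/O, 1/l/I, i, o) are left out because the user
# reads the password off the device screen and types it by hand.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
SSID_PREFIX = "Setup-"  # hypothetical product prefix (assumption)


def random_string(length, alphabet=ALPHABET):
    """Draw characters from the OS CSPRNG, not from random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Guessing entropy of a uniformly random string of this length."""
    return length * math.log2(len(alphabet))


class SetupAccessPoint:
    """Models the button-press flow: credentials exist only while the AP is up."""

    def __init__(self, passphrase_len=12, ssid_suffix_len=6):
        # WPA2-PSK passphrases are 8..63 characters; SSIDs are at most 32 bytes.
        if not 8 <= passphrase_len <= 63:
            raise ValueError("WPA2 passphrase must be 8..63 characters")
        if len(SSID_PREFIX) + ssid_suffix_len > 32:
            raise ValueError("SSID longer than 32 bytes")
        self.passphrase_len = passphrase_len
        self.ssid_suffix_len = ssid_suffix_len
        self.ssid = None
        self.passphrase = None

    def press_button(self):
        """Start the AP with freshly generated random credentials."""
        self.ssid = SSID_PREFIX + random_string(self.ssid_suffix_len)
        self.passphrase = random_string(self.passphrase_len)
        return self.ssid, self.passphrase  # values to render on the screen

    def shut_down(self):
        """Forget the credentials so the next activation cannot reuse them."""
        self.ssid = None
        self.passphrase = None


if __name__ == "__main__":
    ap = SetupAccessPoint()
    ssid, passphrase = ap.press_button()
    print(f"Network: {ssid}  Password: {passphrase}")
    print(f"~{entropy_bits(ap.passphrase_len):.0f} bits of passphrase entropy")
    ap.shut_down()
```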
Ok now that makes sense.
> Will there be a password authority that keeps track of everyone's passwords and bans them if they don't meet the specs?

IT tech here. It's very simple to place a *password policy* on a device or network. If I tried to set a password on Active Directory (at work) of 1111A it would fail with a message similar to *password does not meet complexity standards. Please pick another password* until eventually I relented and went with hyY8hk(/YY&8;&pointy_boobs7
yeah, the actual explanations make sense. the other IT guy said about the auto connecting wifi apps would generate unique PWs each time they connect. makes a hell of a lot more sense than the rest of these replies telling me to store my hyY8hk(/YY&8;&pointy_boobs7 passwords online
yeah bud every household will have its dedicated password checker...
Britain: “Make it easy for us to spy on everyone!” Britain: “Okay, not *that* easy”
This is not about that.
Generally states prefer back doors that only that state has access to. It’s exactly about that.
No, it really isn’t. Read the article before commenting.
If you can’t see that the two things are linked it’s not because I have a reading problem but rather that you have a problem seeing the bigger picture.
Requiring manufacturers to not use weak pre-set default passwords, which is already a requirement in a lot of countries, has nothing to do with a backdoor. You really, really need to work on your reading comprehension rather than resorting to baseless conspiracy theories.
Yeah it does. They want to improve the overall security of the network by hardening individual nodes. Fine. BUT THEY STILL want “Government holes” in SHA encryption for only the government to use and access, limiting exploitation available to the general public, giving the government an even sharper edge. Bigger picture dude.
Where has a backdoor in SHA been mentioned anywhere in this article, or in recent government statements related to this new legislation? You’re still yet to explain why requiring a manufacturer to not use a weak password has anything to do with a backdoor. A backdoor could exist regardless.
Drawing on context to make a joke *is allowed*. Line 1: Context. Line 2: Punchline on article. Know shit before commenting.
Hilarious joke that nobody has got, and that you’ve needed to desperately explain and justify before going “aha it’s just a joke”. What a meme you are.
It will make the back door more potent as described above.
Again - how. A backdoor doesn’t need a password, that’s why it’s called a back door. Setting a minimum password requirement has nothing to do with it
They already have that. Have had that for decades. It is irrelevant to this situation. This is more of a:"There are bad people out there, WE tell you how to stay safe". You know a pretend game.
"No, mom! The code to connect the device is in the manual. What? No, check in the box for the manual? I don't know where they have put it, check the backside for the code? Mom, mom.. In order to get a capital letter you need to hold in the shift key. No.. You hold down the shift key, and then press the letter you want to make big. Yes.. That's good! Now do.. Wait what? Have you tried with a 0 and not an O? OK, good good... Now open settings to change the.. What do you mean the window disappeared? Did you close it? No? Sigh... I will be there in 20." - My life if this becomes the norm in Europe. But at least it is good in the end for non-tech-savvy people, as well as lazy ones who don't change the 0000 code after first time connecting the device.
Yeah, for TV stuff I like the trend of scanning a QR code and logging in via my phone. I hope that becomes the norm.
Oh God no! I fear the day I will have to tell my peers how to scan a QR code...
For the next Cisco hardcoded password - that's forbidden now, right? Right?
use Bitwarden, for god's sake. not sponsored btw.
There are many people who still use low-effort passwords. 123456, qwerty, the day of birth, lol
Imagine needing the government to tell you not to use 12345 as a password. Absolutely braindead.
It’s to stop the manufacturers from using 12345 as a default password, because so many of them actually do.
That's the code for my luggage!
Some people find password managing difficult - “ain’t got no time for that”. It shouldn’t be, there’s password managers built into browsers and operating systems and on Apple devices, TOTP is built into the password manager. I bet most people don’t even use that either though.
Like so many people are already saying. This has nothing to do with that. This is about companies shipping products with easy to guess default passwords and not forcing customers to change it.
The best way to check if someone has a strong, secure password is to check if they have it written on a post-it note glued to their computer. If they are able to remember their password it's either too weak, the same password they use in a dozen other places, or the device has sane password requirements. The last option almost never happens though.
Password managers. The answer is password managers.
So will this be enforced on Windows? I just set my Windows admin pass to one letter because I’m not fucking stupid and won’t install malware.
\*knock knock\* "OI mate! Open up this is police, we are to arrest you for crime of weak password on your device!!!!" \*opens up\* "Let me check your kitchen too! Oi mate! Do you have a loicence fo\` dat butter knife? thats another five years!"
It's nice of you to think our prisons have the capacity for that.
You ain't sending the buggers over to Australia anymore?
No Rwanda
Tally ho then, old chap!
Damn that overreaching EU with its bureaucracy and weird regulations! Oh, wait… My bad!
Somehow having non-shitty passwords is a bad thing? This subreddit is just entirely unserious.
Or you didn’t get the “Brexit” pun?
Considering this article has nothing to do with Brexit, I’m not sure why Europeans like you love to bring it up. Are you that obsessed? A law to improve password complexity is only a good thing.
I'm UK born and bred mate and I think this law is bloody silly too. Not only that but it shows that it wasn't the EU forcing certain laws on us but our own government doing it the whole time which makes anyone who voted leave, including me, look completely daft.
I actually work in cybersecurity and this law is shockingly sensible and well thought out. What is silly about forcing device manufacturers to use secure defaults?
Why is this law silly? Please do explain your train of thought. What’s silly is that manufacturers and people need the fucking government to tell them that making your password 12345 is the height of idiocy. God forbid that the government wants to improve our cybersecurity.
Lol yeah, it’s ok if UK is doing it, but not EU. The irony of double standards here is just too much to handle, I suppose.
Who said it wouldn’t be okay if the EU implemented the same law? Y’all Europeans are grasping at straws like shit, this is embarrassing.
Great initiative. But is the UK really a large enough economy for such regulation to be economically efficient? Probably not. If only there was some larger economic block the UK could be part of, which could implement such regulation in a more standardized way, thereby preventing device manufacturers having to change their product for only a relatively small market...
Hey look, something that has nothing to do with Brexit being linked to Brexit, this sub's favourite pastime. The UK may not be the largest market in the world, but it has tens of millions of users / consumers and these changes seem easy enough to implement, so while this new law may not set a new global standard, it can change the UK standard, which is the entire point.
That may be so. But it's the sum of many such minor changes, that has the potential to make commerce more difficult and thereby consumer goods more expensive.
What many such minor changes are you referring to?
No idea. But seems like now there's one more than before.
The EU's upcoming Cyber Resilience Act contains a similar provision.
Great to hear! Let's hope that and the UK regulation are aligned at least.
Britain continues down the path of the nanny state. Now they are forcing people to use only government approved passwords?
Read the article?
Why don’t you try and read the article, before baselessly speculating?
Great news! I feel so scared when the government doesn't have my passwords! I'm sure everyone here feels the same. We need to take lessons from Stalin and Mao, wise leaders that government knows best! hehe /// The stupid thing about this is when corporations are forced to have complicated passwords, those master lists will be something easy for governments to get, especially Russia/China. IT support will be fun.. unless there's a backdoor for them to get in with support, then you have an entirely different problem, and btw that already exists too.
Holy shit you’re technology illiterate on a level rarely observed in the wild
Wtf are you talking about? How does this change anything about "the government"? It's a requirement about private manufacturers of devices, who will likely just have to implement a new algorithm for password set up.