Strengthening Cybersecurity with Strong Password Practices

At DDSystems, we understand that passwords are our primary defense against cyber threats. Yet, many people still use generic, easy-to-remember passwords, compromising their security. This blog will explore the risks of generic passwords, what US and Canadian businesses can learn from the UK’s new ban on weak default passwords, and strategies for creating robust, secure passwords.

The Problem with Generic Passwords

When setting up new internet-connected devices, it’s common to encounter default passwords like “Admin” or “12345.” These generic passwords, though convenient, offer little protection against cyber threats. Cybercriminals can easily guess these passwords, gaining unauthorized access to devices and sensitive information.

A study by the IoT management platform Asimily revealed that routers constitute 75 percent of infected connected devices. Other IoT devices, such as digital signage systems, security cameras, and medical devices, are also frequently targeted. The widespread use of weak, default passwords significantly contributes to this vulnerability.

What We Can Learn from the UK’s New Password Legislation

In response to the growing threat of cybercrime and the proliferation of connected devices, the UK government has implemented new laws to enhance cybersecurity. It’s critical for users around the world to take note of these new regulations, as they set a clear precedent. Just as Europe’s GDPR preceded the US’ CCPA, this password ban is likely the first of many cybersecurity regulations to come.

The UK’s new password regulations mandate that:

1. Universal default passwords like “Admin” or “12345” are banned. Each device must have a unique password.
2. Manufacturers must provide a public contact for reporting security vulnerabilities and specify how long the device will receive security updates.
3. The duration of security updates must be clearly stated at the point of sale, either on the box or online.

Implications for Manufacturers and Users

For Manufacturers

If similar legislation is adopted in the US, manufacturers will need to set unique default passwords for each device and comply with additional security requirements. While this increases complexity and costs, it also provides an opportunity for manufacturers to lead in cybersecurity.

Manufacturers must maintain compliance records and be available for reporting concerns, increasing their workloads. Enforcing these laws, particularly for devices made abroad, presents additional challenges. A centralized database of approved vendor products vetted for compliance could help streamline enforcement and ease the burden on importers and distributors.

For Users

Enhanced legislation promises increased security for users, making devices less susceptible to cyber-attacks. However, users must be prepared to manage complex default passwords. Educating users on good password practices can help mitigate potential password overload and anxiety.

By teaching users how to create strong, unique passwords and the importance of regularly updating them, we can ensure the benefits of enhanced security are fully realized without overwhelming users. Additionally, providing resources and tools to simplify password management, such as password managers, can significantly reduce the burden on users while maintaining high-security standards.

The Role of Strong Passwords

While the UK’s new legislation is a significant step toward improving cybersecurity, users everywhere must also take responsibility for their online security by using strong, unique passwords and enabling additional security features.

NordPass’s Annual Most Common Passwords List

NordPass’s annual Most Common Passwords list highlights the prevalence of weak passwords. Some of the most common passwords include “123456,” “admin,” “12345678,” and “password.” These passwords can be cracked in less than a second, underscoring the need for stronger password practices. Users should create passwords that are complex and unique to each account to avoid falling into this trap.

Tips for Creating Strong Passwords

1. Use a Mix of Characters: Incorporate uppercase and lowercase letters, numbers, and special characters. A password like “Pa$$w0rd!” is much stronger than “password123.” The variety of characters makes it harder for hackers to crack the password through brute force attacks.
2. Avoid Common Words and Phrases: Do not use easily guessable words or phrases such as “password,” “admin,” or “qwerty.” Instead, use a random combination of words or create a passphrase using unrelated words, such as “BlueBanana$Dance77.”
3. Make It Long: The longer the password, the harder it is to crack. Aim for at least 12 characters. Password length exponentially increases the difficulty for hackers to perform successful attacks. For instance, a 16-character password is significantly more secure than an 8-character one.
4. Use a Password Manager: Password managers can generate and store complex passwords for you, eliminating the need to remember each one. Tools like LastPass, 1Password, and Dashlane can create random, strong passwords and save them securely, so you only need to remember one master password.
5. Avoid Reusing Passwords: Each of your accounts should have a unique password. Reusing passwords across multiple accounts increases the risk that a breach of one account could compromise others. If a hacker gains access to one password, they can potentially infiltrate all accounts using the same password.

A New Era of Cybersecurity

The UK’s ban on weak default passwords is a crucial step in enhancing cybersecurity that will likely be followed in nations around the world in years to come. While it places significant responsibility on manufacturers, it also empowers users to take control of their online security. By adopting strong password practices and staying informed about cybersecurity best practices, we can collectively reduce the risk of cyber threats and protect our digital lives.

This example from the UK highlights the importance of proactive measures in cybersecurity—a lesson the US and Canadian businesses can heed to strengthen their own cyber defenses.

For assistance or more information, contact DDSystems at 410-487-1274 or visit DDSystems.com.