The UK is banning weak passwords—here's why it's a good thing
The ban aims to improve the UK's cyber resilience—and I think it will
If you're guilty of using less-than-secure passwords, you may have to change your act—and quick. In just a week, common or easily-guessed passwords (e.g. 'admin' or '1234') will be banned in the UK in an attempt to curb cyber attacks.
These world-first cyber security laws will mean that all internet-connected device manufacturers must implement minimum security standards that will see users being asked to change their password if they enter a default or common password when they create a new account.
These new standards come as part of the UK's Product Security and Telecommunications Infrastructure (PSTI) regime, an organization that aims to increase Britain's cyber resilience and mitigate the potential effects of cyber attacks on both the UK's and the wider global economy. The new regulations will also require manufacturers to publish their contact information so customers can report any issues or bugs, and to contact all users to let them know when security updates are happening.
Why is it bad to have a weak passwords?
While passwords are the first line of defense against cyber attacks, and strong passwords can prevent hackers gaining access to your accounts and/or your business' network, we often don't treat them like this.
Bitwarden's Fourth Annual Global Password Day survey recently revealed the extent to which people are using bad password practices.
The research found that one in four people reuse passwords across 11-20+ sites or apps at home. This behavior is particularly risky, as it means that if one password is exposed in a data breach, it can potentially be used to log in to multiple different accounts.
Hackers rely on users reusing login credentials to carry out credential stuffing attacks. These attacks see them 'stuff' login details exposed in data breaches to multiple other sites in an attempt to find a combination that works. The impact of this can be widespread, and the sale of 13 million 23andMe customers on the dark web in January of this year was linked to a credential stuffing attack.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
Bitwarden also found that 37% of people admit that their workplace security habits are "risky", with 35% of respondents saying they store passwords insecurely and almost two in five (39%) saying they use weak login credentials.
Dodgy workplace security practices can have devastating consequences. For an example of this, look no further than January of this year, which saw a "ridiculously weak" password be responsible for Orange Spain's network being taken offline.
The password in question was, inventively, "ripeadmin". Using the password, which was obtained via the dark web, the hacker was able to deny service to Orange Spain customers by making changes to its global routing.
The weak password ban will help avoid both of these scenarios, and make people as a whole more secure from a cyber security perspective.
How can I remember secure passwords easier?
The quite frankly shocking gap between cyber security best practice and actual practice highlights why these measures are needed—while it may be frustrating for people to have to come up with a strong, unique password, it's far better for them and their security in the long run.
One of the obstacles to creating passwords that meet these standards is being able to remember them. Bitwarden's survey found that the majority of people rely on memory alone (54%) or writing passwords down (33%). A solution, however, is using a password manager.
Password managers are great for creating and storing passwords, meaning you don't have to rely on memorizing passwords (as 63% of Brits do, according to Bitwarden's research), meaning you're less likely to reuse passwords or go for simple, easily guessed passwords. Not only this, but you don't even have to shell out for one—most, if not all, browsers and smartphones have one, with many offering a 'create a secure password' service, meaning you are kept secure in just a few clicks.
If you want more information on creating secure passwords, check out our guide to the password mistakes you should avoid making.
Olivia joined TechRadar in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across sites including TechRadar Pro, TechRadar, Tom’s Guide, iMore, Windows Central, PC Gamer and Games Radar. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.