The UK has banned generic passwords due to cybersecurity concerns. Should Canada be next? – National | globalnews.ca

The United Kingdom has introduced a new law that bans generic passwords on smart devices to protect consumers from cyber attacks, and experts say Canada should adopt similar measures as the serious issue of cybersecurity continues to grow.

A new law aimed at protecting consumers from increasingly sophisticated hackers and cybercriminals officially went into effect on Monday. The law requires manufacturers to adopt minimum security standards to prevent hackers from accessing devices with Internet connectivity, such as smartphones, game consoles and connected fridges, the UK government said in a press release.

The release said that under the new law, manufacturers are “banned from allowing weak, easily guessable default passwords such as ‘admin’ or ‘12345’.”

It said that in addition to boosting the UK’s resilience against cyber threats, the new measures will also help consumers have confidence in buying and using smart products, which will help grow the country’s economy.


“Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are safe from cyber threats, and the integrity of personal privacy, data and finances is better preserved,” UK Data and Digital Infrastructure Minister Julia Lopez says in the release.




The UK is the first country in the world to introduce legislation that requires manufacturers to protect consumers from exploitation by hackers and cyber-attacks.


Cybersecurity experts say Canada should take similar steps. Dan Kagan, senior vice-president at identity management company Okta, says passwords are “outdated” and leave Canadians vulnerable to cyber threats.

“(Humans) are the weak link because we are creatures of habit. So what we’ve done is we’ve made it easier to remember passwords… because we can’t forget kids’ names and favorite sports teams. The problem is that in doing so, we become too predictable,” Kagan told Global News.


“We leave ourselves vulnerable to the activities of threat actors, cyber criminals, etc.,” he said.

Kagan says the rapidly increasing sophistication of cybercriminals means generic passwords no longer provide the protection they once did from being hacked.

Although everyday consumers are most commonly targeted, Canada and Western democracies around the world have also seen a significant surge in attacks or threats against critical infrastructure in recent years.

“It is reaching the point where infiltration is hitting the government layer. If the passwords to access government services are extremely simple, you are leaving not only yourself but the rest of the country vulnerable to a system that can only be broken with a password,” Kagan said.

Kagan says while Britain’s ban on generic passwords is a good measure, the most effective action against cyber threats would be for governments to replace passwords with other technology.


He says the best way to log in to a portal without a password would be biometrics, including face, fingerprint and voice recognition. Apple is an example of a brand that is already using this method with its smart devices.

“It’s very hard to copy your face or fingerprint,” Kagan said.

However, Kagan says he recognizes that it will be hard to convince consumers to drastically change their password habits, so the new UK law is a solid starting point.




Cyberattacks are becoming ‘easier’ in Canada, expert warns

The past year has seen dozens of high-profile cyberattacks and ransomware targeting major businesses, healthcare networks, law enforcement, and governments around the world.


A Canadian Centre for Cyber Security report from August of last year said that over the next two years, “financially motivated cybercriminals will certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world.”

Canada Security and Privacy Research chair Natalia Stakhanova says one reason for the increase in criminal cyber activity is that the tools used to commit illegal acts are cheap and easy to use, alongside inadequate cybersecurity.

“It is becoming easier to break into the system,” Stakhanova told Global News. “We all really need to think about safety these days.”

Stakhanova echoed Kagan’s sentiments, saying that passwords inherently have many vulnerabilities due to our human nature. Now, with the increasing intelligence of cybercriminals, she says Internet-connected devices have become “entry points into our homes.”

That’s why she says the new U.K. law is a “smart” move, adding that Canada has historically been “far behind” in terms of safety guidance and regulations.

“Having government oversight is definitely a smart move. It gives us a little more assurance as consumers that now device manufacturers will actually be responsible for the security built into devices,” Stakhanova said.

“Implementing this type of guidance would certainly be beneficial to consumers in Canada,” she said.



What is considered a strong password?

Stakhanova says that for Canadians who want to improve the strength of their passwords, a good place to start is by choosing something that isn’t easy to guess. Also ensure that the same password is not reused for more than one portal.

Stakhanova says another good trick is to avoid words that are in the dictionary. You can combine words, but don’t use a single word. She says all it takes for an attacker to successfully hack someone’s account is to pull up an existing profile and compare their passwords to those from five to 10 years ago.


“When you’re talking about common passwords, you should really think about the list that makes up the billions of entries of passwords we’ve used in the past,” she said.

Stakhanova acknowledges that it will be challenging to convince many people to avoid using generic passwords, but she said the benefits of doing so “should be quite obvious.”

“I understand the convenience, but we need to understand that in this kind of scenario of ever-increasing cyber attacks – we have seen something emerging on a daily basis – we need to be more vigilant,” she said.