Consumer IoT Security Guidance

No Universal Default Passwords

New standards and upcoming regulatory change means organisations need to ensure their products do not use universal default passwords and should assess how their IoT products use passwords. This is an important provision because universal passwords weaken security. If one device is compromised, all devices with that password are compromised.

The IoTSF Consumer IoT Security Quick Guides build upon the new ETSI EN 303 645 specification on consumer IoT cybersecurity. It is the first international standard of its kind and governments are publishing Codes of Practice (e.g. the UK and Australia) and preparing new legislation (e.g. the UK) based on the standard.