New laws mean vendors need to make clear how long you'll get updates too

Smart device manufacturers will have to play by new rules in the UK as of today, with laws coming into force to make it more difficult for cybercriminals to break into hardware such as phones and tablets.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI Act) aims to enforce minimum security standards by which all device manufacturers must abide.

Of the three main requirements all smart devices must adhere to, shipping devices with easily crackable default passwords is arguably the headliner. Default passwords are allowed, but if they're easily discoverable online, then it will fall foul of the Act. 

It has been coming for a while. We started reporting on the proposed PSTI Act back in 2021 and even at the bill's first inception, it primarily aimed to stamp out these what's-even-the-point passwords.

It's almost certainly a good idea – especially when we have cheap overseas ...