The UK introduced the Product Security and Telecommunications Infrastructure Act 2022, becoming the first country to ban default guessable usernames and passwords for IoT devices, while still allowing unique default passwords; this law sets new minimum-security standards for manufacturers and requires transparency regarding security update durations, with California being the first jurisdiction to ban default passwords back in 2018, emphasizing the global impact of such regulations on IoT device manufacturers who are likely to adopt these changes universally. ```
https://www.schneier.com/blog/archives/2024/05/the-uk-bans-default-passwords.html