If you forget your password to an IoT device, and the paper label on it wore off, is it now mandatory for it to be permanently bricked and instant e-waste?
This will end up just being really annoying and accomplish nothing, like most corporate password policies. It would be nice to see a focus on actually solving the problem, instead of the usual liability transfer. Best case scenario, the password is written on a sticker on the device. This is the norm where I live. I would love to see incentives for actual user friendly security enhancements.
This is a nice start at standardizing basic IoT device security; other highlights:<p>- manufacturers must tell customers up front about the lifespan of security patches and updates
- manufacturers must provide a public point of contact for vulnerability disclosure