![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
Further, any password reset process shall be possible only after appropriate authenticating of the user.
Releasing a broad set of guidelines to machine 2 machine (M2M<\/a>) and IoT stakeholders for securing consumer IoT, the DoT said many M2M\/IoT devices are being sold with universal default usernames and passwords (such as admin) and this has been the source of many security issues in these devices which needs to be eliminated.
“Thus, all such device default passwords shall be unique per device and\/or require the user to choose a password that follows best practices, during device provisioning. The passwords must not be resettable to any universal default value,” DoT said.
The department prescribed following of best practices on passwords and other authentication methods such as the use of the strongest possible password appropriate to the usage context of the device.
It also asked stakeholders to provide a dedicated public point of contact as part of a vulnerability disclosure policy for security researchers and others to report security issues and the disclosed vulnerabilities shall be acted on in a timely manner.
The software of the device has to be updated in a timely manner and consumers must be kept informed. Further, software components in M2M\/IoT devices shall be securely updateable in a timely manner.
“If a user interface is available, it shall clearly display when a device has reached its end-of-life, inform the user of the risk of security updates no longer being available and provide suggestions for mitigating this risk,” DoT said.
As per the DoT, IoT is one of the fastest emerging technologies across the globe. It has been projected that there would be around 11.4 billion consumer IoT devices<\/a> and 13.3 billion enterprise IoT devices globally by 2025 i.e. consumer IoT devices would account for nearly 45% of all IoT devices.