Greetings, folks
I have been away from this board for quite a while. Sort of gave up on relying heavily on HS and attempted to move important functions (security, climate control, surveillance) to separate, much more modern solutions. However, I still have a 4500 sq ft house fully equipped with Z-Wave devices, close to 97 per cent I'd guess, so after seeing the sales banner, realized that HS4 is apparently and imminent reality. Bought an upgrade because, well, not going to trash close to 200 switches and sensors and go Control4 route now...
Anyway, as I attempted to figure out what exactly is new and improved in HS4 (I mean, licenses are sold and release is "...by the end of 2019"), I realized that not much is crystal clear. My last upgrade from HS2 was, well, painful. So, I attempted to study up now. Failed. Literally no detailed information. Everything , in terms of features, reads like marketing material. So I lowered my expectations accordingly. But... I would love to know the answer to one question: access security.
HomeSeer goes several years between major versions. This is a major one. For quite some time, in order to easily access the system, without workarounds, myhs.homeseer.com is the way - via web browser away from home, or from your smartphone. The issue is the lack of 2FA, that one time code that most of us should be using to access, well, any site that supports it. The more you integrate into HomeSeer, the more your whole house is exposed to anyone able to log into myhs.homeseer.com. Pretending that a secure user name and password are safe is silly these days. I doubt anyone would argue with that. I brought this up several time when the site went live (myhs.homeseer.com), simplifying remote access and management and eliminating the need for port forwarding (much more insecure). But my questions died off without any meaningful answer.
So, any news, from anyone, about securing access to myhs.homeseer.com, not by individual workarounds (IP whitelisting, VPN access, etc), but using industry standard and security experts recommended design and implementation?
Respectfully,
Alex
I have been away from this board for quite a while. Sort of gave up on relying heavily on HS and attempted to move important functions (security, climate control, surveillance) to separate, much more modern solutions. However, I still have a 4500 sq ft house fully equipped with Z-Wave devices, close to 97 per cent I'd guess, so after seeing the sales banner, realized that HS4 is apparently and imminent reality. Bought an upgrade because, well, not going to trash close to 200 switches and sensors and go Control4 route now...
Anyway, as I attempted to figure out what exactly is new and improved in HS4 (I mean, licenses are sold and release is "...by the end of 2019"), I realized that not much is crystal clear. My last upgrade from HS2 was, well, painful. So, I attempted to study up now. Failed. Literally no detailed information. Everything , in terms of features, reads like marketing material. So I lowered my expectations accordingly. But... I would love to know the answer to one question: access security.
HomeSeer goes several years between major versions. This is a major one. For quite some time, in order to easily access the system, without workarounds, myhs.homeseer.com is the way - via web browser away from home, or from your smartphone. The issue is the lack of 2FA, that one time code that most of us should be using to access, well, any site that supports it. The more you integrate into HomeSeer, the more your whole house is exposed to anyone able to log into myhs.homeseer.com. Pretending that a secure user name and password are safe is silly these days. I doubt anyone would argue with that. I brought this up several time when the site went live (myhs.homeseer.com), simplifying remote access and management and eliminating the need for port forwarding (much more insecure). But my questions died off without any meaningful answer.
So, any news, from anyone, about securing access to myhs.homeseer.com, not by individual workarounds (IP whitelisting, VPN access, etc), but using industry standard and security experts recommended design and implementation?
Respectfully,
Alex
Comment