Two-Factor Authentication?

    Any info on the roadmap to offer Two-Factor authentication? Perhaps with something like duo?
    Last edited by macrho; March 9, 2017, 05:21 PM.

    #2
    Originally posted by macrho
    Any on the roadmap to offer Two-Factor authentication? Perhaps with something like duo?
    +1


      #3
      I'd even like to see Touch ID offered as a starting point.


        #4
        I think that this subject is getting lost amongst the other priorities.

        Exactly, how would you consider the implementation of two factor authentication?

        So, we know that the HomeSeer license key is already a factor in this architecture design. But, we do not know the exact details of how the license key is used.

        To add, I see it concerning that there is not a challenge/response authentication mechanism between my HomeSeer system and the MyHS "Cloud" technology. I just changed my password and the MyHS cloud technology did not require me to re-authenticate my HS system with the new password. It seems that the security of the MyHS cloud technology to my HS system is not as strong as it maybe should be, considering that there could be a negative impact to my Home if the MyHS cloud technology is compromised.

        What are your thoughts?
        HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.


          #5
          +1


            #6
            +1
            My Google Authenticator longs for a myhs entry.


              #7
              While I embrace this sort of thing, let's think about the implications.....

              It is easy to say, "yes, I want this". In my opinion, this opens up another can of worms for HomeSeer Technologies as it could introduce more variables out of their control. If you want something like this then you better be throwing money out of your wallet as it will create more testing and certification headaches for HST.

              Who is going to fund the development and continuous testing?

              Remember, security comes at a price!!
              HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.


                #8
                MYHS is useful in situations where I can't use my domain and reverse proxy. For me that is plugins and IoT features (Amazon Dot).

                Agreed with @Krumpy here. I would first like to see an HS3 server device authentication with myhs using some type of challenge/response authentication to synchronize an HS3 install with MYHS first.

                I would then like to see failed login attempt lockout/notifications on myhs.

                After that is said and done I would appreciate 2FA so long as it doesn't brick my plugins.




                  #9
                  Originally posted by Krumpy
                  While I embrace this sort of thing, let's think about the implications.....

                  It is easy to say, "yes, I want this". In my opinion, this opens up another can of worms for HomeSeer Technologies as it could introduce more variables out of their control. If you want something like this then you better be throwing money out of your wallet as it will create more testing and certification headaches for HST.

                  Who is going to fund the development and continuous testing?

                  Remember, security comes at a price!!

                  This is an old thread, but, WHAT!!! The safety of one's family has no price. My doors, alarm system and IP cameras are controlled by HS.


                    #10
                    I agree with others, HomeSeer is in control of your whole house. 2FA should add extra security so nobody can log on to your internet-connected domotica system with only a username and password and take over that control. More and more user databases are wide open on the street these days, so count me in for a 2FA (Google Authenticator/Authy like) security layer.

                    I already add 2FA to a lot of services like Hotmail, Gmail, webhost administration, Synology NAS, OpenVPN, etc. with the Authy app. When "hackers" would like to log in to those services then they also need my phone to get in. Would love to see that also for HomeSeer.


                      #11
                      How would this impact Alexa/Google home integrations? Yes the original connection of the skill could present the 2FA challenge, with the usual "Do not ask me again on this device" tick box. But in my experience those session tokens do eventually expire and you are inevitably asked for the TOTP again, even if it's 6-8 weeks apart.

                      What would that do to an Alexa skill? All your voice commands stop working one night. Eventually you realise it's because the authentication has expired for the skill. You disconnect and reconnect the skill in order to re-authenticate. At that point the midden hits the windmill as Alexa tries to recreate a bunch of existing devices.....

                      Maybe it wouldn't be an issue, but definitely something that needs to be navigated.

                      For those concerned over security, a small step in the right direction for the time being might be to implement country IP blocking to your published HomeSeer ports, assuming you have any.
