Stacey on IoT | Internet of Things news and analysis

Internet of Things

  • Home
  • Analysis
  • Startups
  • How-To
  • News
  • Podcast
  • Events
  • About
  • Advertise
  • Speaking
    • Facebook
    • RSS
    • Twitter
    • YouTube

Why it’s time for 2FA on all smart home devices

June 12, 2021 by Kevin C. Tofel 1 Comment

On our most recent IoT Podcast, Thomas called in to the voicemail hotline with a question. Technically, it was more of a plea, but it’s an important one. So we decided to help amplify Thomas’s concern with the lack of 2FA, or two-factor authentication, on smart home devices.

In Thomas’s case, it’s the Flo by Moen Smart Water Security System. According to him, Moen said it would bring 2FA support roughly a year ago, which would add more protection to his Moen account. That hasn’t happened yet.

Image courtesy Moen

This means on the Flo by Moen and other smart devices without 2FA support, consumers don’t have a second layer of account protection. While we often discuss IoT device exploits that require a network connection, losing control of a device account doesn’t always require network access.

Think of it this way: If a smart device is configured for remote access, as they often are, it can be accessed from anywhere in a supporting mobile app. To use that app, all you need is the account credentials. In theory, then, someone could get Thomas’s Moen account credentials and remotely disable the system monitoring without his knowledge.

With 2FA implemented, any ill-intentioned hackers would have to get through the second level of access before modifying his device. And that’s harder. 2FA often relies on a second device, dongle, USB key, or constantly rotating numeric code. Text messages are used for 2FA as well, but they’re inherently insecure.

I personally use 2FA on all of my devices and support for it is now a factor in my purchase decisions for smart home gear.

Would I care if someone got my Wyze passwords and remotely accessed my smart bulbs? I wouldn’t be happy but it wouldn’t be earth-shattering. I could simply unscrew the bulbs and/or replace them in a worst-case situation.

In the case of connected devices that can control the water flow or temperature to my home though? That poses a potential danger and, even worse, destruction. Those are the devices that I would want 2FA support on the most, so I can appreciate Thomas’s disappointment on this one.

To hear Thomas’s question in full, as well as our discussion on the topic, tune in to the IoT Podcast below:

 

Want the latest IoT news and analysis? Get my newsletter in your inbox every Friday.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Filed Under: Analysis, Featured Tagged With: 2FA, account security, Flo, moen, smart home

Sponsors



Become a sponsor

Subscribe to Blog via Email

Enter your email address to receive notifications of new posts by email.

Comments

  1. Lary K says

    June 16, 2021 at 6:08 am

    I sit here with my original Z-wave remote and master controller from 2000 sitting here on my desk. We didn’t need any authentication because there is no internet connection to a z-wave network. Sure there might be one with the central Wink or Smartthings hubs, but not every switch or bulb like there are with today’s wifi products. We need to discourage use of wifi products, not finding ways to make them more complicated to use.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IoT Podcast

Listen to the latest episode of the Internet of Things Podcast. Just press play!

Sponsors

Become a sponsor







Get Stacey’s free weekly Internet of Things newsletter

  • This field is for validation purposes and should be left unchanged.

Recent Comments

  • Michael Rada on Podcast: Hacking sensors and securing medical devices
  • Jon Smirl on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart
  • Lawrence K on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart
  • Hugo on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart

Stacey on Twitter

Tweets by gigastacey
Copyright © 2023 SKT Labs, LLC · Privacy Policy