On our most recent IoT Podcast, Thomas called in to the voicemail hotline with a question. Technically, it was more of a plea, but it’s an important one. So we decided to help amplify Thomas’s concern with the lack of 2FA, or two-factor authentication, on smart home devices.
In Thomas’s case, it’s the Flo by Moen Smart Water Security System. According to him, Moen said it would bring 2FA support roughly a year ago, which would add more protection to his Moen account. That hasn’t happened yet.
This means on the Flo by Moen and other smart devices without 2FA support, consumers don’t have a second layer of account protection. While we often discuss IoT device exploits that require a network connection, losing control of a device account doesn’t always require network access.
Think of it this way: If a smart device is configured for remote access, as they often are, it can be accessed from anywhere in a supporting mobile app. To use that app, all you need is the account credentials. In theory, then, someone could get Thomas’s Moen account credentials and remotely disable the system monitoring without his knowledge.
I personally use 2FA on all of my devices and support for it is now a factor in my purchase decisions for smart home gear.
Would I care if someone got my Wyze passwords and remotely accessed my smart bulbs? I wouldn’t be happy but it wouldn’t be earth-shattering. I could simply unscrew the bulbs and/or replace them in a worst-case situation.
In the case of connected devices that can control the water flow or temperature to my home though? That poses a potential danger and, even worse, destruction. Those are the devices that I would want 2FA support on the most, so I can appreciate Thomas’s disappointment on this one.
To hear Thomas’s question in full, as well as our discussion on the topic, tune in to the IoT Podcast below:
This is the final episode of The Internet of Things Podcast, and to send us…
This article was originally published in my weekly IoT newsletter on Friday August 18, 2023.…
This article was originally published in my weekly IoT newsletter on Friday August 18, 2023.…
Verdigris has raised $10M for smarter buildings: I am so excited by this news, because roughly eight…
Amazon's head of devices, David Limp, plans to retire as part of a wave of executives that…
If you need any more indication that Matter is not going to kill all of…