Wouldn't 2FA be a breaking change for anyone using Node-RED or a 3rd party tool to log into HE? I use Node-RED to automate shutting down HE in case of a power outage and also automate the process of making local backups (I do have Hub Protect but keep local backups as well).
Maybe, but not necessarily. They could do 2FA for local UI logins, but not for Maker API. Lots of systems allow API access without 2FA, but require it for UI/config/management logins.
Although (to your point) some things like automatic backups could indeed get clobbered with a 2FA implementation, as that level of UI access from just URLs would likely get blocked.
Anyway, OP's feature request is seen. Whether it gets done or not is up to the devs/their list of priorities.
4 Likes
If 2FA was "optional" (like the current "password" security), it would work in both situations, so I'd be OK with it, If "required", then it would be hard pass for me 
2 Likes
Another thought about this.
I’m certainly no cryptographer, but I’ve gotten the impression that this can usually be protected against by using a random string of numbers, letters and special characters.
Unless perhaps the attacker has access to a really high powered computer, and is really, really motivated to crack your specific hub.
Here’s an example calculation of what it would take to brute force a 12-character password:
(Again, not a cryptographer here, so maybe I’m way off and grossly underestimating the magnitude of the threat).
1 Like
Apologies if I'm explaining something you already know. .. but the purpose of the 2fa is that it takes away the risk of the password being compromised in some way (perhaps not entirely), including interception, by requiring an extra layer of confirmation, usually tied directly to the person, like an app on your phone, etc, meaning it no longer relies solely on the username / password combo, but access to the user's personal device. I believe some systems even introduce additional layers such as a personal access token, a valid Windows login on the local machine on the correct domain and a personal device confirmation, but I don't think we are suggesting or even discussing that level here.
I'm also no cyber-security expert, and will happily step aside for anyone else to correct me 
No worries, Simon. I’m familiar with the broad strokes of multi factor authentication.
AFAICT, the OP is requesting that 2FA/MFA be added to the hub’s local login because they are concerned someone knows their password, could guess their password, or could brute force their password.
I’m suggesting that as long as the hub is not directly accessible from the internet, and a moderately strong password is used (but not reused from another login), the above concerns are theoretically possible but not realistically plausible.
4 Likes
Yes, a strong password is always a good suggestion. And I am mostly comfortable with the local access methods myself, for what I understand in this space.
1 Like
This is the part that I feel makes these types of personal HE breeches look unlikely enough (for me) to color me pretty much unconcerned. There is a very large ocean out there, and the likelihood that it will narrow down to my account/my home/my lock seems pretty tiny.
If you want to break in, just come on by and cut through or break a window, or force a door (for directions watch almost any cop/CSI/secret agent show where they force a door). On most homes (unless they've invested in some serious door hardware) takes a couple of minutes and no need to crack any passwords. 
I get that everyone has their own feelings about how secure they need to be...I use 2FA on my email accounts, bank accounts, and other sensitive stuff, secure my home network w/complex passwords and keep my systems updated, but not so worried about my hub being a potential entry point.
1 Like
The only problem with this logic is you are assuming everyone on your local network is trustworthy.
I provide access to my network to friends when they come over. some of these friends bring friends. so i don't always know 100% who the people are on my network. I would prefer to protect devices on my network with 2FA than trust who makes it on to my network.
Your security is only as strong as your weakest link. Assuming something wont happen because it's improbable is the worst security practice to have.
I really think it depends how improbable.
The password I posted above can be brute forced. But not for about a thousand, or even a billion centuries.
@danabw mentioned the physical aspects of home security above. I personally don’t have bars on my windows for example, because I've decided that in my neighborhood, the risk of someone smashing the window to gain access to my home is sufficiently low.
I have locks on my front and back door. But even those are technically pretty worthless if someone decided to force the front door with a pry bar or a couple good kicks. The back door has panes of glass in it, so the deadbolt is accessible to anyone that decides to smash a small pane of glass on the door.
3 Likes
Your situation provides a use case for why sequestered guest networks are a good idea.
To @marktheknife's point, if someone keeps their LAN as open as you apparently keep yours, it would prudent to pick passwords that are more difficult to crack.
In any event, this request has been made, so I'm closing this thread.
3 Likes
