Is there any effort to implement 2FA or MFA in the HE mobile app?
It seems that it would be pretty easy to brute force users' accounts.
Support for FIDO2, U2F, Smart card, OTP, OpenPGP 3 would make the app much more secure.
Once authenticated, you could give an option for the app to be remembered so that MFA is only asked once, or once a month, or once a year, etc.
I'm wondering if failed logins to the app log the user's account or if it gives unlimited tries to guess the password.
Since the user name and password is a hubitat.com user, I would suggest also allowing an option for 2FA, MFA with the hubitat.com login.
If I'm off on how I understand this, please let me know.