MFA for HE: is that in the pipeline?

In fairness, your point of people doing port forwarding is actually a good reason to be in favor of HTTPS.

In all fairness, a majority of people don't understand the significance of the practice of port forwarding and they get tunnel vision (no pun intended) and become vulnerable with more than just their HE. I would be in favor of it as long as it was a choice. I use it for a lot. But it won't fix .... :cut_of_meat: ... never mind. :grin:

I know, I know! April was going to say Steak. Yeah, that's it, HTTPS won't fix Steak!

:wink:

See, I got your back @april.brandt!

S.

1 Like

Check my edit. I've clarified.

1 Like

ROFL. I can't top that for sure!

S.

1 Like

No one should do port forwarding to get external hub admin access. That's just the antithesis of any security.

:-1: I hope this is never enforced. The last thing I want is to take this easily configurable hub and turn it into something that is a pain to use. I don't want to have to click "Advanced" every single time I open a tab for one of my three hubs. And doing that constantly on mobile... :rage:

6 Likes

I can only click like on this once. But, I hope you can feel the love, Diet. :grin:

2 Likes

OK I have to ask. Does the tag "diet" mean we're going to see brief answers from you now?

Not that I don't enjoy your typically thorough answers but that tag just has me wondering.... :stuck_out_tongue_winking_eye:

S.

1 Like

There is always a compromise between security and convenience. However, this is something that will pop up the first time and you check a box that eliminates the warning going forward. To say I never want to see security on something built to control lights, HVAC, appliances and locks is pretty short-sighted.

I don't actually agree, honestly. A properly secured system SHOULD be ok being internet accessible. HE as it is designed right now though is not designed to do that so agreed, NO ONE should do port forwarding with the way the system is now, but with robust security, what's the harm?

I think he's suggesting it be optional.

That's not true though. Chrome brings it up pretty regularly (every 30 days?) and Safari on iOS does it even more frequently, almost every time.

It's a personal preference. I'm not a short-sighted individual. Respectfully, if you have something on your LAN that can control your lights, the battle is already lost.

1 Like

What I meant too. Don't care if it's an option. Don't want to be forced.

You do know the US nuclear defense system is LAN accessible on a DoD LAN, right? It is not in any way public, but there are terminals that are on a LAN. IF the "battle is lost" because of my lights, then we're all dead because of that, I guess :slight_smile:

1 Like

Truth is often stranger and more frightening than fiction.

3 Likes

As was I.

Security is inherently lost on any connected system. To say the battle is already lost is a pretty defeatist attitude. Employing best available security measures is something I work with every day. This is basically saying that because you have had your PII compromised (if you live in the US and have credit, it probably has) you shouldn't protect against identity theft.

I just want HE to give me the ability to apply what is currently considered the baseline of a secure system. A password is optional. I just want an HTTPS redirect to be available and have the ability to supply my own cert.

For what it's worth, I agree with you.

I simply want it to be an option if it is ever implemented. Please be sure that you remember to challenge ideas without referring to forum members and moderators with disparaging remarks.

1 Like

Not trying to derail, but may I ask, what was disparaging, did I miss something? I actually thought this was a rather civil conversation where people disagreed and had a spirited discussion about ideas for the future of the platform.

2 Likes

With all due respect to everyone. I understand that there are many people who think Cyber security, infosec, good privacy practices are a giant pain in the rear end. And they are. The decision that has to be made by each individual is "is this PITA worth it to protect this information".

I simply want HE to give the users the ability to enhance their security posture if they choose.

1 Like

@Hasty1 I use MFA wherever I can. I am constantly jabbing one of my YubiKeys or FIDO2 keys into one of my computers to gain access to something.
You already have the ability to secure your hub to whatever degree you want. Stick it on a VLAN and add whatever you need that demands MFA to access the VLAN. Turn off the cloud dashboards and set up a VPN for access to your hub.