S2 Authentication Question

Pretty new and have what might be a dumb question, however, I pretty much only use Inovelli and Zooz dimmers and switches, some I have entered in the S2 code and some I did not and just skipped it. If I do not authenticate S2 do lose any features or functionality ?

Thanks

1 Like

No, most of us don't use encryption at all except for locks and garage door stuff. You lose no functionality but do gain a bit of processing overhead (s2 isn't bad, s0 is the worst, avoid if possible)

5 Likes

I appreciate you asking this question, because it was very much on my mind as I paired multiple devices during my transition over from Vera (which lacked S2 compliance SFAIK).

Not knowing what was expected, nor where to find the required info to input, I also "Skipped" each instance, figuring things would work okay. Did so with my Yale deadbolt as well.

I'm not even entirely sure what benefits S2 security brings to the table, though I do see security-conscious users mention it often. Is it analogous to, say, how WPA represents a stronger WiFi encryption protocol than the old WEP? And, if so, are non-S2 devices at any (significant) risk of being compromised somehow?

Just being curious now.

1 Like

I have seen lots of conversations and theories talking about how one device could compromise your entire network. That being said I do not think I have ever seen anyone actually post here that there house got hacked through their smart plug or something.

Most of the reasoning I have seen just says s2 uses less traffic and therefore doesn't bog your mesh down as much. I am sure the exact details on the differences is fascinating, but nothing I understand.

just my 2 cents.

3 Likes

Makes me wonder whether you can somehow "promote" a device from non-S2 status to full S2 without unpairing and re-pairing it. I somehow doubt this is possible, though.

It depends on if you consider the Replace option an unpair/re-pair process...

IF, during the Replace process the S? popup is shown, then of course you should be able to pick any option.

It's a big IF.

I just haven't done enough S? devices to have a high confidence answer.

2 Likes

The Big reason I asked this question was because I read on a thread that the Ring G2 contact sensor needed to have S2 authenticate or it wouldnt work properly, thought that maybe true of all S2 device. I have installed several Zoozs and it is a pain to get S2 to activate, so I just skip that step.

1 Like

Essentially s2 is AES256 encryption. Lets assume someone was sniffing z-wave signals outside your home..(unlikely) Unencrypted packets would show that you're bathroom light turned on... Encrypted packets would not be able to be seen in plain text so that person wouldn't know you just entered the bathroom (without looking up from his laptop and seeing the light upstairs come on). This is why most of us only worry about encryption on locks and garages.

2 Likes

Just make sure they don't connect at s0.... They'll crash your mesh like a drunken fratboy...

1 Like

So in this example, I'm guessing that a Security mode of "None" (as listed in the HE Z-Wave details page) is equivalent to plain text. I have one device that is listed as "S2 Unauthenticated." Where does that sit in terms of security (or lack thereof)?

Beat definition is here. But as I've said before. Most of us only use encryption on door locks and garages.

3 Likes