2 Messages
Need multiple app logins
Why is there no way to create a login for my family without giving them the master account? Every major alarm company I've used had this feature and I mistakenly assumed SimpliSafe would have something similar.
Official Response
davey_d
Community Admin
•
5.6K Messages
3 years ago
Hi castewa88 et al,
There is a little bit of a workaround for that particular MFA issue, in that you can actually set multiple phone numbers to receive the confirmation texts. So whenever anyone tries to log in, everyone gets notified.
And yep, we've had quite a few requests about multi-user logins. I definitely forward all your requests, and the more of them there are, the higher priority it becomes to our dev team. So keep 'em coming!
As for that duress scenario - unless you're in a scenario where an intruder would be watching you closely for a while, they wouldn't necessarily know that you normally use the app to disarm your system. So you could still use the Duress PIN via your Keypad.
However, duress via app is another great idea.
(edited)
whoaru99
1.3K Messages
3 years ago
This has been a longstanding request with no indication if or when it will ever be addressed. So, much as SS works for me, if this is a showstopper for you then returning the system is, unfortunately, your only real option unless you're willing to live with it this way indefinitely.
castewa88
24 Messages
3 years ago
A second complaint is smart locks that too often get stuck in a state of "not responding". (I've tried tons of replacements. None of them have fixed the issue.)
The third, and biggest security gap in my opinion, is that the app does not require a PIN to take actions on your system. Imagine the bad guy who meets your wife in the carport when she gets home and forces her to use the app to disarm the system. Or the person who breaks into your house and forces a system disarm via the app. No chance to use the duress code, because there's no system PIN required. The SimpliSafe app could be used to circumvent needed security in lots of similar and scary scenarios. (You can configure the app to use a PIN, but that's not the same thing.) I'm shocked that this security hole exists in the system and no one seems to care.
castewa88
24 Messages
3 years ago
I think you miss the point about the app not requiring a PIN. It's reasonable to think that a "bad guy" can know enough about SimpliSafe to know that the system can be disarmed using the app regardless of whether the person normally uses the app to disarm the system. And it's certainly reasonable to assume that most anyone who has SimpliSafe likely uses the app. All that bad guy then has to know is that using the app will disarm the system without a PIN, thereby bypassing the victim's opportunity to use the duress PIN. With that basic, or at least pretty easy to learn, knowledge, a perpetrator could catch any SimpliSafe user before the system is disarmed (whether indoors or outdoors) and force them to disarm the system via the app. The alarm ends normally before the end of the entry delay. The bad guy wins.
whoaru99
1.3K Messages
3 years ago
If someone has done enough due diligence to stake you out and try the scenario previously described, it seems plausible they are also smart enough to force the disarm remotely while a partner in crime stakes out the property. If you "disarm" and the cops show up, they just hang back until the scene clears then do their dirty work.
It's easy to daisy chain a bunch of "what ifs" into a worst case scenario, and there are any number of ways security systems can be defeated. The key is the difference between possibility and probability.
castewa88
24 Messages
3 years ago
whoaru99
1.3K Messages
3 years ago
Don't get me wrong, if SS can add it I got no problem with that. I just don't share the same "big hole security flaw" sentiment in the grand scheme of SimpliSafe system.
davey_d
Community Admin
•
5.6K Messages
3 years ago
Yep, I agree with whoaru99.
The original intention of Panic-type alarms (including the Duress signal) is for when someone is on the premises and needs help immediately. So that would be what's relayed to our Dispatch team, and their protocol accounts for that.
But as I mentioned, I'm still passing this on to our devs. If there's a solution that's possible, someone way smarter than me in the engineering team can figure it out!
(edited)
castewa88
24 Messages
3 years ago
It sounds like we agree that the intent of the duress signal is to be usable when a person is on premises and needs help immediately. My opinion (which seems to be in the minority) is that it is a bad thing if the ability to use that duress signal during an on premises attack can be circumvented due to lack of controls within the app. Security is built on layers. The system PIN layer is missing from the app.
Thankfully our worst fears don't always play out. For the most part we buy security systems as a deterrent to perpetrators and/or to give peace of mind that a home (and the people in it) are protected. Most of us will only deal with false alarms and never deal with live alarms. Most people without security systems will never really be victims of an attack that the system could or would have prevented or mitigated. But, the system adds a layer of security to our homes. When you are aware of what seems to be a design flaw in the system you use, or you are aware of ways that your system's security could be negated by someone who knew just a little about that system (and not necessarily much about you or your habits), this becomes a concern and can remove a bit of the "peace of mind" that comes from a secure system. I would think that this is something that would have a shared importance among us who are customers and somewhat "fans" of SimpliSafe.
Incidentally, adding the system PIN layer of security to the app could play a role in the lack of multiple logins which was the original topic of this thread. If the system/general/device settings were only available when you logged into the app with the master PIN, then there would probably be fewer complaints about the inability for family members to have separate logins. Having separate logins would be best, but given how long that hasn't happened most of us aren't expecting those logins to be an option any time soon. But, in order to access those settings from the keypad you must enter the master PIN. Wouldn't it make sense for the app to behave the same way?
toastie
175 Messages
3 years ago
whoaru99
1.3K Messages
3 years ago
You willingly give someone the possibility to totally disarm your security system, but worry that they're going to change some device settings or account information? If they are that untrustworthy or irresponsible I question the decision to give them ability to use the app at all.
Again, if SS can implement it fine, cool, awesome; whatever. But, considering you've already handed over complete disarm capability, it seems like sometimes the focus on granularity obscures the big picture.
worthing
702 Messages
3 years ago
This is just "Principle of Least Privilege" which is extraordinarily common in businesses large and small across the globe. It is considered part of best security practices. It's extremely reasonable to ask that the company providing physical security and monitoring also provide good security on the digital front as well.
whoaru99
1.3K Messages
3 years ago
toastie
175 Messages
3 years ago
yes they can use the keypad... but why? why not allow a separate log in so that a KID could have access?
I can't believe it's that hard... simplisafe just takes years to implement REASONABLE requests.... if ever....
whoaru99
1.3K Messages
3 years ago
Going back to the Principle of Least Privilege (PoLP), it occurs to me far fewer people should have the app in the first place than do because they don't actually need it. #1 of PoLP: If a subject does not need an access right, the subject should not have that right.
The biggest "access right" of all is turning off your security system.
Again, to be clear, if SS can implement, great, whatever; no skin off my arse. But, I think handing out remote disarm, regardless of blocking other access rights, violates the tenet of PoLP.
0
0
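An added illustration, not part of any post in this thread and not SimpliSafe's code: a minimal model of the two controls the thread asks for, namely per-login rights (least privilege) and an app disarm that requires a system PIN, so a duress PIN stays usable from the app. The role names, PIN values, lockout limit and reply strings are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum

Action = Enum("Action", "ARM DISARM CHANGE_SETTINGS")

# Hypothetical roles: each app login holds only the rights it needs.
ROLE_RIGHTS = {
    "owner": {Action.ARM, Action.DISARM, Action.CHANGE_SETTINGS},
    "member": {Action.ARM, Action.DISARM},
    "child": {Action.ARM},
}
MAX_FAILURES = 3  # per-login lockout against PIN guessing (assumed limit)

def pin_eq(entered: str, stored: str) -> bool:
    # Constant-time compare; an empty PIN never matches.
    return bool(entered) and hmac.compare_digest(entered.encode(), stored.encode())

@dataclass
class Panel:
    master_pin: str
    duress_pin: str
    user_pins: dict   # login -> personal PIN
    roles: dict       # login -> role name
    armed: bool = True
    failures: dict = field(default_factory=dict)
    silent_alerts: list = field(default_factory=list)

    def request(self, login: str, action: Action, pin: str = "") -> str:
        if action not in ROLE_RIGHTS.get(self.roles.get(login), set()):
            return "denied: not permitted"
        duress = False
        if action is not Action.ARM:  # in this model, arming needs no PIN
            if self.failures.get(login, 0) >= MAX_FAILURES:
                return "denied: locked out"
            if action is Action.DISARM:
                duress = pin_eq(pin, self.duress_pin)
                ok = duress or pin_eq(pin, self.user_pins.get(login, ""))
            else:  # settings changes require the master PIN
                ok = pin_eq(pin, self.master_pin)
            if not ok:
                self.failures[login] = self.failures.get(login, 0) + 1
                return "denied: bad PIN"
            self.failures[login] = 0
        if duress:
            self.silent_alerts.append(login)  # dispatch is told; the app is not
        if action is not Action.CHANGE_SETTINGS:
            self.armed = action is Action.ARM
        return "ok"  # identical reply for normal and duress disarm
```

A real deployment would store salted PIN hashes rather than the plain values used here.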