@farragut0977 - in my case, I am not convinced 2FA is required vs nice to have. I don't have any indoor cameras (yet), so I see some risk if my account is compromised. I have a SS to keep the "stupid criminals" out of the house. The smart criminals aren't (in my (not so) humble opinion) going to be stopped by a SS system. I am not looking to give away what I have, but understand I could loose some "stuff."
As for your solution of the Yubikey, I don't know anything about it, including price, but requiring additional hardware by the user will increase the complaints (LESS than a data breach), not to mention the cost (dollars and time) for SS to build in the support for such a device in the backend system.
A great use case for having 2FA is if your account is compromised and the alarm is turned on and off in the middle of the night. For a home security company, this is absolutely negligent on their part.
For this discussion, losing things is outside of the scope of concern. Financially speaking, home insurance can cover losses for the replaceable items, but you're SOL for sentimental items. The main concern is that someone is able to completely control your alarm and watch your video remotely and without setting foot in your house. There are numerous videos on youtube with homeowners talking to people who hacked their video doorbells (ring or nest). The alarm system is just a one-way: the attacker can blare your alarm and you have no idea who's doing it (some kid who's playing with your phone and doesn't know what it does or an attacker).
In any case, this is a massive issue for those in and outside the house when such an event occurs. This is for the engineers: it's important to consider that not everyone wants to be watched or harassed with an alarm. I honestly cannot believe a product was released without any apparent consideration of use cases and security issues that may arise from a lack of due diligence.
For a security engineering business, 2FA should absolutely be one of the features built into the system, at the very least for web login. Whether an individual uses it or not is down to them, but no reason not to. Yubikey or FIDO would be great, but TOTP at the very least. It's free for users, and minimal to implement for Simplisafe...
Really great explanation from yelledsokiema on the reasons why...
I understand the 2FA as an added security measure but how many sites do you visit a day without it. The online account connection is encrypted before it is sent over the internet.
^ any website that contains personal identifying information, and those who also sell your PII to third parties, should be doing 2FA, there is no excuse not to. (yes, users can opt out).
We are in an era where hacking, phishing, brute force attacks and DOS attacks are the "new normal", and where everything about you is sold to the highest bidder, whether another company or an underground hive of scum. I, for one, am sick and tired of businesses not taking website security and data security seriously.
my account has been hacked and the hacker has all my info and i need the 2fa system to be activated so i can block them out and get everyone out of my email. can anyone help me?
general_kaos
753 Messages
4 years ago
As for your solution of the Yubikey, I don't know anything about it, including price, but requiring additional hardware by the user will increase the complaints (LESS than a data breach), not to mention the cost (dollars and time) for SS to build in the support for such a device in the backend system.
0
0
yelledsokiema
2 Messages
4 years ago
For this discussion, losing things is outside of the scope of concern. Financially speaking, home insurance can cover losses for the replaceable items, but you're SOL for sentimental items. The main concern is that someone is able to completely control your alarm and watch your video remotely and without setting foot in your house. There are numerous videos on youtube with homeowners talking to people who hacked their video doorbells (ring or nest). The alarm system is just a one-way: the attacker can blare your alarm and you have no idea who's doing it (some kid who's playing with your phone and doesn't know what it does or an attacker).
In any case, this is a massive issue for those in and outside the house when such an event occurs. This is for the engineers: it's important to consider that not everyone wants to be watched or harassed with an alarm. I honestly cannot believe a product was released without any apparent consideration of use cases and security issues that may arise from a lack of due diligence.
0
0
monkeyseemonkeydo
2 Messages
4 years ago
Really great explanation from yelledsokiema on the reasons why...
0
0
sh2402
261 Messages
4 years ago
0
0
coltmaster1
Advocate
•
2.8K Messages
4 years ago
We are in an era where hacking, phishing, brute force attacks and DOS attacks are the "new normal", and where everything about you is sold to the highest bidder, whether another company or an underground hive of scum. I, for one, am sick and tired of businesses not taking website security and data security seriously.
0
0
everett_23
2 Messages
3 years ago
0
0
keropi
24 Messages
3 years ago
0
0
05windbreaker
2 Messages
1 year ago
my account has been hacked and the hacker has all my info and i need the 2fa system to be activated so i can block them out and get everyone out of my email. can anyone help me?
1
0