There are few things more convenient than an automated home. In addition to keeping a property safe, it simplifies everyone’s routine so residents can get more done. But hackers have noticed just how much there is to be gained from corrupting a home automation system, and it’s prompted them to devote their time to figuring out a way in.

Protecting your castle: Home automation and password security #IoT

Residents who haven’t been paying attention to the strength and security of their means of authentication — their PIN codes and passwords — may be surprised to find that bad actors have. 

What’s at Stake

The most obvious threat a homeowner has to worry about when they set up their home automation is a standard break-in. Once a thief knows the PIN to the front door or the security system, they’re free to come and go as they please. Researchers at the University of Michigan were able to break into a brand-name home automation software — and they were shocked at just how easy it was to do.

Criminals today aren’t just after money and jewels, they’re after personal information as well. With so much data available on the internet, the black market has exploded with bad actors who have no interest in getting a legitimate 9 to 5. These hackers may be looking for something as simple as home behavior patterns (e.g., when people leave, how long they’re gone, etc.) to information like bank account numbers or insurance details that can then be exploited online. 

Password Fatigue

Everyone knows what it feels like to have to sign up for an account and pick a password. We’re asked to do it so often that shortcuts are common and duplicate passwords are practically the norm. One in five people in a commercial enterprise has a password that’s classified as weak, and personal password use doesn’t fare any better. It may be incredibly easy to remember the password 123456, but it’s also incredibly easy to hack.

It makes sense that people don’t want to take the chance that they’ll forget a password. After all, it’s not easy to come up with unique password after unique password. It’s also exceptionally annoying when passwords have to be reset, not to mention that it slows us down as we try to remember the matching password for a site. However, it’s also one of the best ways to keep the wrong people from accessing the home automation system.

How to Make It Work

Home automation really can’t be taken lightly. Even if the homeowner is only using it to raise and lower their blinds to keep heating and cooling costs down, it’s risky to take chances. All passwords should follow a few general rules.

  1. Passwords should be “long and strong”: in general, the longer the password string, the stronger the password.
  2. Passwords should not include any personal information, like pet names or significant dates in your life that would give someone a hint to what your password is.
  3. Passwords should be a combination of upper and lower case letters, with numbers and special characters being the rule and not the exception.

Many sites today won’t allow their guests to go any further without meeting these restrictions. An additional security element that should be used whenever offered by a site or account is two-factor authentication (2FA).

Of course, homeowners need to find a way to manage their passwords. Password protection can be fairly low-tech. For example, writing down all of the passwords, and then storing them in a locked drawer or a safe.

Online, it’s usually safer to opt for a more sophisticated method that also has other advantages like being accessible even away from home. While property owners can’t control the automation software they buy, they do have ways to take smarter precautions for better, safe outcomes. 

A Better Solution

The password problem is so universal that there are companies devoted to making it easier for people to do their part. A user only has to set up their information once with a password manager like Sticky Password, and then they can relax.

This service not only generates new — complicated and unique — passwords for each home automation account, but remembers everything so the owner doesn’t have to. Owners can access all of their information whether they’re on a tablet, smartphone, or standard laptop or desktop.

About the author

Founder and team leader of Unity Home Group, Ryan Tollefsen has a keen interest in home automation and security. Ryan specializes in negotiating offers, marketing, managing the team, setting goals and achieving them.