Continuing the discussion from Security holes in the 3 most popular smart home hubs and Honeywell Tuxedo Touch:
As I mentioned in another post, I work in InfoSec and thought it would be useful to have a dedicated thread focused on ideas to improve the SmartThings platform as well as mobile app security. @pstuart already did a good job capturing some below.
We need 2-factor authentication, yesterday.
We need a better API for developers to leverage to handle authentication and authorization for their apps.
We need a web interface to manage users and to revoke integrations with 3rd parties.
We should have configurable login expirations for the mobile app. iOS should support the fingerprint sensor.
I have a whole list on what SmartThings should be doing on the backend, but that is not really for a public discussion. I would like to see SmartThings expose a little bit more about what they are doing to keep our data safe.