Securely adding a person and device

Hi. I’ve not yet found any posts on this topic. I’m concerned about securely adding a person and/or device. The concerns are:

A) Right now it seems too easy open the app and log in on several of my phones using my own credentials.
B) if/when someone either picks up my phone and adds them self to my home/account and gains control.
C) or hacks my password and gains control or otherwise change settings.

I’m thinking the following can be done similar to how Google and Microsoft detects logging in from an unknown phone/device:

  1. Notify the existing users that someone has just logged in to my home/account from a new device, and allow existing users in my home/account to grant/deny permission to that person/device until someone approves it. It’s being paranoid, but understandably so.

  2. Right now, I can easily open the app to do whatever, and I don’t have the option to set my home/account to prompt for credentials, password, pin, etc. While convenient for me to just pick up my phone and work with the app without any credentials or pin prompt, anyone could grab my phone without my knowledge, even for a few minutes, and make changes or add themselves, etc.

If there is an existing solution to this, please guide me. Otherwise, this seems like a priority feature to add, please. After all, it’s my home and my wireless locks to my front door we’re talking about. :slight_smile:

(True, I realize I have the option to not have wireless locks, and I have the option to lock my phone(s) so anyone can’t pick up my phone and go into the app. But, the issues above exist, and would likely gain higher respect and trust by users and future customers.)

Thanks for reading.

Two-factor authentication of some kind is definitely needed and it has been discussed before, but I don’t think there were ever responses from ST (ex. Two Factor Authentication for ALL STs environments?). As for #2, I prefer just relying on the authentication required to unlock my phone, rather than another step when opening SmartThings, but I could see how some may prefer this.

2 Likes

Having the option for both features is useful, and always there if the user wants to use it. I hope to hear acknowledgement from SmartThings Devs too. Thanks.

@Sam2b it sounds like most of your concerns can be addressed my simply having a pin or passcode on your smartphone and any other device that has access to your SmartThings account. Also if you are setting up your home automations well and are using the key fob for presence detection there is very little reason to have the SmartThings app installed. Finally, if you logout of the app when you are done with it, it will prompt you to log back in. These are all steps you can do now so you can feel safer with SmartThings in your home.

1 Like

Unless your mobile OS sucks when you lock your phone. (iOS). So I share concerns too. I just go out of my way to always keep it on me.