Two Factor Authentication for ALL STs environments?

2 factor auth would be a GREAT way to further secure our accounts. For those of you who may not know what 2 factor authenticaion is, it is a way for STs to authenticate you upon login through a second source. Generally there are three types of authentication someone can you. 1st, 2nd, and 3rd factors. There are some new 4th and 5th factors as well but 1st, 2nd and 3rd can be summed up easily this way:

  • First factor is “something you know”
  • AKA - Password
  • Second factor is “something you have”
  • AKA - RSA passcode/Phone to send a additonal login code to
  • Third factor is “something you are”
  • AKA - Fingerprint, eye scan, dna

Right now we all use first factor auth to login to the IDE and the SmartApp. I’d love to have STs add Second factor auth to any initial login that we process. So anytime you login to the SmartApp or IDE you would need your cellphone to receive an additonal passcode texted to your cell in order to login.

Maybe @Ben, @Urman, @tyler would be good people to help answer this, but i’m trying to gauge if people agree with me before I start barking up some trees for something that only I may want.

Do people agree with me? Please feel free to share your comments below.


I’m all for two factor authentication, I use it on many services already and wish more would offer it. Makes a person feel better especially with all the username and/or password leaks. Many people use same/similar username and passwords so if you forget to change all them when something like that happens you could be in trouble. Whereas with 2 factor it’s almost a non-issue, while you should still change your passwords you don’t have to stay awake at night wondering if you’re in trouble.

1 Like

I really think 2FA should become a standard. It is relatively easy to implement. (I manage 2FA at my company)

This is basically true. Obviously no system is “fool proof” but 2FA accounts are MUCH more secure then ones without 2FA.

Yes it should, I would imagine in the coming years we’ll see companies sell 2FA solutions similar to the way they sell SSL solutions.

Exactly why I said almost.

1 Like

They already do. Check out Duo and Authy

1 Like

I’m all for two-factor authentication. I’ve turned it on everywhere I can.

1 Like

Was literally just about to post this.

Also… RSA

I’m aware I have a couple customers using Duo

I use 2FA everywhere and given how all these things are part of our houses, I’d like to see this too. It’s too important to ignore anymore and I’m sure not too hard to implement.

1 Like

@ben @Tyler

2FA on the roadmap? Please say it is.

1 Like

+1 for 2FA here, especially since it’s monitoring and controlling more and more of my home.

Good old TOTP (Time-Based One Time Password algorithm) would be great. Google Authenticator is a common client implementation, but there are several other smartphone apps (DUO also does TOTP in addition to its push authentication) and even clients for the Pebble watch.

On the server side, there are open-source implementations available in various languages.

1 Like

Considering physical door security is at stake, this should be a top priority in next phases.


Definitely agree! This is a must-have for many of us!

1 Like

+1 on this. I monitor and control a safe room and am considering stopping that because I don’t see this as a secure solution.

1 Like

I’m going to add to the chorus here. 2FA should definitely be an option. I have 10 in my Google Authenticator app already!

1 Like

I think more companies need to have some “balls” and force 2FA on people. You want to use our product? You must have 2FA.

I’m surprised it’s not more widely used even the less secure ways like, txt a passcode, send email or voice message with code each time a login is attempted.


Two Factor Auth for Home Automation seems like a default that should have been implemented from the beginning. Nothing like securing your home with all of this automation and have it be protected by a simple password.


I absolutely agree, 2FA should be the default for a system that can monitor my cameras and unlock my doors.

We have implemented in our systems we develop. One key thing, however, we have run into is consumer education with support for 2FA and how to use. For all of us tech types its really important. For average joe, which surprises the heck out of me, is confused by it if not annoyed by it.

LOL, our lead developer gets annoyed everytime he hits AWS console and has to dig out his phone. We love that sideshow.

I expect adoption to grow even among the non-tech savvy over time…

As a user, I use everywhere I can…especially like Authy.