What in the world is this new ST website?


(Erik) #1

I went to login to my hub from the web, and the login redirects to here:

https://consigliere-regional.api.smartthings.com/?redirect=https%3A%2F%2Fgraph.api.smartthings.com%2F

What ni the world is this? Should I be concerned?


#2

It’s a new login process because now people might have a Samsung account instead of a SmartThings account. See discussion in the following thread


#3

I was having trouble getting to it from IE yesterday (gets hung up on the redirect), had to get in with Chrome.


(Erik) #4

Well - I think an email announcing this change would have been extremely helpful. In this day and age, any website can get hacked and a redirect is the first sign of trouble. Without two factor authentication (a horrible design IMO in the current day) a valid redirect should be 100% communicated before hand. There is no way I am putting my whole house password on a website that could potentially be redirecting my data to a nefarious third party.

Smartthings team - please be more proactive in how you manage your security and perception of how you take care of your customers data. Giving away my smartthings password would mean access to data that could be my home address, PIN codes for my door locks…you create the rest of the story.


(Kurt Sanders) #5

I agree with a “heads up” when a logon page is changed and we are redirected. This is a common trick for hackers to use and caused me about 30 minutes to verify that this was indeed a change by SmartThings and SamSung IT.

I ended up creating a needless Samsung account before realizing that all I needed to do was use my email for login! :grimacing:


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #6

:confounded: :cry: :scream: :no_mouth: :speak_no_evil:


(Robin) #7

I’m just glad they finally got rid of that ghastly V1 photo lol:


(Brad) #8

We are looking into the IE issues. Please let support know if there are other browsers that aren’t loading the sign in.


(Matt) #9

Please put both the username and password together on the login landing page. Having to enter the username, then click, then enter the password, then click again is not a good UX.

If you force two-steps to login, at least make the second step multi-factor auth. It would be a welcome addition to increase security on such an important account. It should be table stakes for home automation.


(Erik) #10

Quadrillion like if I could! Where is two factor for quite possibly the single most important secure credentials behind my bank accounts!!!