I did some searching and there weren’t too many threads on the topic - The ‘Your topic is similar to’ ‘helper’ only brought up two threads - one related and one not.
Let me start by saying that adding the authentication as a default really is a GOOD thing. I’m sure that there are plenty of people that have set up HASS, and/or other things, that ‘know enough to be dangerous’ and really don’t give thought to security and put their device with no authentication or default authentication right out there on the internet to get hacked. That being said… not being given a way to totally disable it if one wants (such as browse to the HASS machine and you’re in like with older versions vs either having to enter a user and password or select trusted network, then select a user and then log in) is quite poor, and the attitude I’ve read regarding it (Essentially, if you don’t like it, tough - code it yourself) is REALLY poor. The options available now in 0.77 and up, as someone else put it, don’t pass the ‘wife acceptance test’, or to add to that, the ‘mother acceptance test’.
I really don’t know what’s so hard about it - Plex, by default, at least now (I don’t think it always did), requires authentication (There’s one aspect of it that I LOATHE. which I’ll get to in a second), but if you add networks to the ‘Trusted Networks’, you go straight into the interface, as it should be. You don’t get prompted for anything as long as you’re connecting from a trusted network. The part I LOATHE about it is it is ‘cloud connected’ in some fashion no matter what you do - If you aren’t using trusted networks or connect from somewhere that’s not trusted, it redirects you to one of their URLs in ‘the cloud’ to authenticate - That’s no bueno as far as I’m concerned. All of my stuff is behind an enterprise grade firewall, and devices with known potential security issues and ‘call homes’, such as security cameras, are isolated and not allowed to get anywhere other than their own little VLANs. My stuff, behind my firewall, is far more secure, with no ports open to any of it, than a device that is open to the internet with authentication enabled, because once you open a device to the world, regardless of authentication, there is an attack surface to exploit. All you need is one flaw - from weak credentials to a flaw in the code that can be remotely exploited and it’s owned. If you can’t get to it, you can’t try to exploit it. As far as I’m concerned, the fact that Plex, in any way, reaches out to the cloud for anything other than grabbing movie data from IMDB or other similar sources creates a vulnerability. I SERIOUSLY hope HASS NEVER goes the route of being ‘cloud connected’ like that - or at least if it needs to end up a ‘feature’ for those that are all gaga over it (‘the cloud’), it is never enabled unless it is explicitly and deliberately enabled. Maybe make it a module or addon that you must manually add for the functionality to even exist.
I know this will probably be largely ignored, I’ll probably be told this is the way it is - like it, code it yourself (REALLY wish I could code it myself, but I couldn’t code my way out of a wet paper bag) or pound sand, but I figured I’d throw my voice out there as I’m about to toss 0.77.2 that’s on my mothers HASS and drop it down to an older version that lacks this ‘feature’. Like I said, if adding a network to ‘Trusted_Networks’ functioned the same way Plex does where you are taken straight into the interface without having to pause or click on anything, that would be absolutely fine.