Does Home Assistant Cloud offer additional security beyond passwords?

I’d like to be able to access my newly set up Home Assistant remotely, and so have enabled a trial of Home Assistant Cloud. I’m not averse to paying for a subscription to help the project.

However, when I set up Home Assistant on my local network I didn’t choose particularly secure passwords.

Does this put me at risk now that I’ve enabled Home Assistant Cloud, or is it offering additional protection? For example, is the Nabu Casa URL unique and (cryptographically) random - such that nobody could guess it? Even if it is, it’s listed on a DNS server - but I don’t know enough about DNS to know whether some kind of bulk reverse lookup is possible?

As I understand it, while a certificate is created for each connection, this is only used to encrypt data passing through Nabu Casa servers: a connecting client still only needs the URL and a username and password.

Not much beyond simple reverse proxy.

Use a strong password.

You can enable 2FA on an account. That’s directly supported on a per-account basis. That isn’t Nabu Casa offering that, it’s native to HA itself.

Thanks, both. A strong password and ideally 2FA sound like the best answer.

A follow-up question: is there any security risk in having accounts with insecure passwords that are not enabled for remote access?

If the account is configured to only allow local network login, then a weak password is “ok”. Even then, I would recommend against it, just from the point of view of that not being a best practice.