I’d like to be able to access my newly set up Home Assistant remotely, and so have enabled a trial of Home Assistant Cloud. I’m not averse to paying for a subscription to help the project.
However, when I set up Home Assistant on my local network I didn’t choose particularly secure passwords.
Does this put me at risk now that I’ve enabled Home Assistant Cloud, or is it offering additional protection? For example, is the Nabu Casa URL unique and (cryptographically) random - such that nobody could guess it? Even if it is, it’s listed on a DNS server - but I don’t know enough about DNS to know whether some kind of bulk reverse lookup is possible?
As I understand it, while a certificate is created for each connection this is only used to encrypt data passing through Nabu Casa servers: A connecting client still only needs the URL and a username and password.