I am opening up the ports for my Hass.io to the public internet. Not sure that is safe.
I see that there is a Hass.io System Generated admin user in the installation. I am wondering if that user has a password set, or even a default password that might be available for all online, so that it leaves a gaping hole right into my installation.
If there is a default password, what is it? Can I change the password for that user? Can I block that user from logging in?
I wouldn’t do it then. To be honest I have only 1 port open for the public and that is the port to my local VPN. I can highly recommend that route, but it’s a personal preference.
If you need HA to be available outside your home you can take Cloud for a test drive for a month (there is no credit card needed). Afterwards, if you still need external access, you can either:
continue with a paid Nabu Casa subscription (least amount of effort, top security);
set a Nginx reverse proxy (free but requires a little effort; not really complicated but still can mess up everything if not done properly);
use a VPN (OpenVPN, WireGuard, etc.) (best if you don’t need to give access to components such as Google Home or Alexa; still, you might not be able to install the VPN client software on all devices, such as a corporate device without admin rights or a commonly used PC);
use Tor (a good mix of anonymity and STO - security through obscurity);
other options that are presented on forums, more or less complicated;