I just had a discussion with some people who have external access to their Home Assistant (HA) setup. They use Cloudflared and 2FA and are convinced that it’s absolutely secure. What do you think, is it hackable if there are vulnerabilities in HA?
if there are vulnerabilities, anything can get hackable, so it’s not a good question.
Nothing is absolutely secure.
I’m convinced that the official Nabu Casa subscription (cloud access) is secure enough.
2 Likes
Is it hackable?
Yes.
Is someone trying to hack YOUR HA as opposed to some bank/insurance company/Google/Microsoft/etc?
Probably not.
I just got ANOTHER notice from a company telling me that my info was released due to them being hacked. My info is all over the dark web at this point between OPM, FSAFEDS, several banks, several medical providers, etc.
That is where bad actors are trying to do things. Not my HA.
I agree with @DvdNwk that Nabu Casa subscription is ‘good enough’.
If HA is only accessible via Cloudflare, then to be concerned about vulnerabilities in HA assumes somebody got past Cloudflare’s 2FA, which would be pretty big news since it’s so widely used. I have other sites with no authentication that are only protected by Cloudflare. I also geo-block all countries except mine (and the US for API access). But the only “absolutely secure” site is one where the power is off.
1 Like
When they were talking about 2FA, I though its about 2FA in HA. I did not know that cloudflare offers 2FA. If of course you need 2FA to get into the cloudflare tunnel, then it is as safe as using a VPN to your home.