I have a Nabu Casa subscription and remote access to my HA is working fine. However, I’m worried about the security of my login. While my HA was only available on my local network, I was happy with a simple (ie not so secure) password. While the URL for my Nabu Casa instance is extremely long and impossible to guess, I’m worried I should have a more secure password to my HA to protect against random malicious guessing of possible Nabu casa URLs.
My question is: Does accessing my HA via Nabu Casa open-up access to every login I have in my HA? So all of the logins will now need proper, secure passwords?
From a security stand point . . . I would say yes, I would not use a password but a passphrase will special characters and numbers included but no spaces. Logins hate spaces, because it does not convert correctly when encrypted.
But that just me.
The url is not secret.
You should have a secure password and preferably enable multi-factor authentication too.
1 Like
In addition to what others have said, you can also specify that a particular user can only access HA from your local network.
So, say, an MQTT user doesn’t need remote access.
templeton_nash - ah, that will help because I use http://homeassistant.local:1880/ to access NodeRed and have to login frequently. I can have a proper password for external access, and keep the simple, easy one for local access only.
thanks all - I have setup a new user for remote access with a strong password and 2FA, and retained the local-only user with simple password for normal use