Securing Amazon Credentials

I have setup the Alexa_media_player integration and everything works perfectly.

In the back of my mind this statement from the wiki haunts me

" WARNING: By using this, your configuration files in Home Assistant will have all information to log into your Amazon account since it will have your password and the key to generate 2FA codes. Anyone who gets a copy of your core.config_entries file will be able to log in as you. Instead of using a separate 2FA code, you can also register a 2FA app with Alexa Media Player."

Is there a way to setup the integration with it being more secure so that my credentials are safe?

Don’t use the built-in 2FA. Use an external 2FA method.

That way you still use 2FA but even if someone gets your config files they still can’t log in as you unless they also have your 2FA device (phone, email, etc).

But if you are worried that someone can get into your home network and dig into your HA machine and find your Amazon credentials buried in the hidden HA config files so they can get into your account then you likely have more to worry about than your amazon account.

2 Likes

Thanks for your reply @finity I really appreciate it. I was worried a bit because I recently started port forwarding to my HA server so I guess security was at the top of my mind.

Yeah, no problem.

And it is a valid concern once you start opening your network to the world by opening ports.

But as long as you have good protection on those open ports then the risk is lessened to a degree in proportion to the security measures in place.