Start with Your Router
Most smarthome devices require access to the internet to work correctly. While not all devices connect directly to the internet (like z-wave bulbs), those that don’t typically connect to a hub or other device to gain internet access. So in many ways, the single most significant point of vulnerability is your router.
And securing your router should be your first step. You should change your default admin password used access the router. Update the router’s firmware if it’s out of date, and enable encryption. Always use a complicated password unique to your Wi-Fi router. With a standard (not-Mesh) router, you can accomplish all of this from the router’s web interface. All you need is to find your router’s IP address. Mesh routers, on the other hand, don’t have a web interface. You’ll make the changes from an app.
If your router’s manufacturer isn’t offering new firmware anymore, you should consider replacing it. While we usually say most people don’t need a Mesh router for their homes, smarthomes do benefit from them. You gain better coverage for all your Wi-Fi devices, and most Mesh routers automatically update the firmware and offer additional protection services as a subscription.
RELATED: Secure Your Wireless Router: 8 Things You Can Do Right Now
Use Unique Passwords for Every Device
Many smarthome devices require a password when you set them up. Usually, that involves downloading an app and creating a user account. In some cases, like Z-wave light bulbs, you’ll create a single account for a Hub to use with several devices.
Every device you create an account for should have a unique, complicated password. If you reuse passwords across services and smarthome devices, you run the risk of a single compromised unit leading to additional points of vulnerabilities across your home.
If you don’t already, consider using a password manager. Services like LastPass or Dashlane can help you create and keep track of long and complicated passwords. You might think password managers are only for saving website credentials, but you can save any kind of password in them. Additionally, you can store secure notes, files, bookmarks, and more in a password manager.
RELATED: Why You Should Use a Password Manager, and How to Get Started
Turn on Two-Factor Authentication Wherever Available
Two-factor authentication is an extra layer of security beyond the simple password. With two-factor authentication, after you provide your password, you then give additional proof of identity. Typically that comes in the form of a code, either randomly generated by a phone app or sent to you through a text or phone call.
Unfortunately, offering two-factor authentication isn’t very common in smarthome devices, but that’s starting to change. Nest and Wyze both offer two-factor authentication now. Security cameras are the devices most likely to have two-factor authentication, and you should absolutely use it with them. As one couple found out, rather than try to break through your router, an attacker may have an easier time using stolen credentials to log into the accounts associated with your smarthome devices. Two-step authentication can help prevent that from happening.
Check the apps associated with your smart devices wherever possible turn it on. We recommend pairing two-factor authentication with an authenticator app, like Google Authenticator for iOS and Android.
RELATED: What Is Two-Factor Authentication, and Why Do I Need It?
Update Firmware on All Your Devices Regularly
Just like your router, you should update the firmware for all your smarthome devices regularly. Firmware is essentially the software built into your hardware—it determines the features and capabilities of your hardware. Manufacturers regularly find problems and patch them, and often add new features along the way.
Generally, you can update most smarthome devices through an app. That includes Z-wave and ZigBee gadgets you connect to a smart hub. You’ll check the smart hub’s app for those updates.
If the manufacturer no longer supports a smarthome device you have installed, you should replace it as soon as possible. If you aren’t sure, check the manufacturer’s website.
RELATED: What is Firmware or Microcode, and How Can I Update My Hardware?
Buy Only From Reputable, Well-Known Companies
Most smarthome device you introduce into your home communicate with servers in the cloud. The question is: “who owns those servers?” When you’re looking at a recently released product from an unknown manufacturer, there’s no way to know for sure where it communicates until someone tests it. Unless you’re a security researcher who enjoys the challenge, you probably shouldn’t be the guinea pig.
And besides that, the biggest problem with smarthomes is that your devices might stop working. The company can go under, disappear, or decide to move on to a newer product and end support. Sticking with a large well-known company doesn’t guarantee that won’t happen, as seen when Lowe’s killed off Iris. But what you do get is a track record to examine. By looking over the company history, you can see how viable it is, and whether or not the company supports its products for mere months or years.
And with an established history, you can even see what a company handles failure. Wyze, the maker of some of the least expensive smarthome products you can ask for, ran into an issue where camera feed traffic went through servers in China. The company explained what happened, why it happened, and how it was going to fix it.
RELATED: Your Smarthome Setup Might Break, and There’s Nothing You Can Do About It
Don’t Access Your Smarthome from Public Wi-Fi
Just like you shouldn’t check your bank account from public Wi-Fi, avoid accessing your smarthome from public Wi-Fi. Even if you’re certain you are a legitimate Wi-Fi network, you’re potentially exposing the devices in your home to anyone listening in. It’s best not to do anything sensitive on public Wi-Fi networks.
If you need remote access to your home, either use a device with LTE (like your phone) or consider setting up a personal Virtual Private Network (VPN) to connect safely.
RELATED: Why Using a Public Wi-Fi Network Can Be Dangerous, Even When Accessing Encrypted Websites