Passwords and smart homes

Introduction: Why Good Passwords Matter

Yawn... another lecture on why your password is bad. But before you click away, lets talk about something important: your smart home security. Weak passwords are a major reason why smart homes get hacked. So, lets dive into what makes a strong password and how you can protect your devices.

The Problem with Weak Passwords

According to OWASP (The Open Worldwide Application Security Project), weak passwords are one of the top reasons smart homes are vulnerable. Johnston, N. (2018) pointed out in an online presentation that weak, guessable, or hardcoded (unchangeable) passwords can leave your smart home devices wide open to hackers.

Default Passwords: A Hackers Best Friend

Many smart home devices come with default passwords that are easy to find. Websites like defpass.com let you look up the model names of devices and see the default passwords assigned by manufacturers. If you are using one of these default passwords, you are practically handing hackers the keys to your home.

Common Passwords: Dont Be a Statistic

There are also lists of the most common passwords floating around the internet. If your password is on one of these lists, its like putting a welcome mat out for hackers. A 2014 report from Mashable found that 73,000 webcams were exposed online simply because people didnt change their passwords. Not good!

The First Step: Change That Default Password!

When you get a new smart home device or router, the very first thing you should do is change the default password to something strong. But what does “strong” mean? Lets break it down.

What makes a good password?

Password Security Tips:

1. No Personal Information

  • Avoid using your name: Dont include your name or any part of it. Hackers often try your name when guessing passwords.
  • Steer clear of easily guessable info: This includes your birthday, your pets name, or your favorite food.

2. Make it Random!

  • Use letters, numbers, and symbols: A good password should include a mix of upper and lowercase letters, numbers, and special characters (like !, @, #).
  • Make it long: Use at least 20 characters. The longer, the better! A long, random password is much harder to crack.

3. Dont Reuse Passwords

  • Unique passwords for each account/device: If a hacker gets into one account/device, they can try that password on others. Dont make it easy for them!

Storing Passwords Safely

“But I dont want to make my password too strong; Ill forget it!” Heres the deal: theres no such thing as a password thats “too strong.”

1. The Wrong Way to Store Passwords

  • Don't write it down: Sticking a post-it note with your password on your desk is just asking for trouble. Anyone can see it!
  • Don't use notebooks: Writing passwords in a notebook isnt much better. What if you lose it?

2. The Right Way: Use a Password Manager

    The best solution is to use a password manager, why?

  • Secure storage: Password managers encrypt your passwords, making them unreadable to anyone who doesnt have the key (which is usually a master password).
  • Convenience: They can generate strong passwords for you and even fill them in automatically.

3. Recommended Password Managers

  • ProtonPass: Free and easy to use if you have a Proton account. It also respects your privacy.
  • LastPass: Offers a subscription service but has a free version too.
  • KeePassXC: A free, offline option that gives you more control without needing an account.

Conclusion: Take Action

Now that you know how to create and store strong passwords, its time to take action! Change those default passwords, create unique and complex passwords for all your devices/accounts, and consider using a password manager. Your smart home security depends on it!

References

Haldolium (2015). Enter Your Password Image & Photo. Available at: https://www.bigstockphoto.com/image-339326323/stock-photo-enter-your-password-concept-screen-with-a-password-box-and-asterisks-abstract-blurred-background-bl (Accessed: 10 March 2025).

Johnston, N. (2018). OWASP IoT Top 10. Available at: https://owasp.org/www-chapter-toronto/assets/slides/2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf. (Accessed: 17 December 2024)