π Home Assistant
Get started with local smart home platform.
Security
Critical
All levels
Smart home also means responsibility. An insecure setup can give hackers access to your network, cameras, and data. Take security seriously from the start.
π Basic Security
Section titled βπ Basic Securityββββ Critical (do this first!)
Section titled ββββ Critical (do this first!)β| Action | Why | How |
|---|---|---|
| Strong passwords | Weak passwords = easy access | Use password manager, 16+ characters |
| Two-factor on HA | Extra protection | Settings β Users β 2FA |
| Update everything | Security holes get patched | Check for updates weekly |
| Change default passwords | Everyone knows them | Router, cameras, everything! |
ββ Recommended
Section titled βββ Recommendedβ| Action | Why | How |
|---|---|---|
| Separate IoT network | Isolates devices | VLAN or guest WiFi |
| Local DNS (Pi-hole) | Blocks tracking | Run Pi-hole or AdGuard |
| VPN for remote access | Secure access from outside | WireGuard, Tailscale |
| Avoid cloud devices | Smaller attack surface | Choose local alternatives |
β Advanced
Section titled ββ Advancedβ| Action | Why | How |
|---|---|---|
| Firewall rules | Control traffic | pfSense, OPNsense |
| IDS/IPS | Detect attacks | Suricata, Snort |
| Log analysis | Detect misuse | Graylog, Grafana |
π Why Local?
Section titled βπ Why Local?βHome Assistant and ESPHome run locally on your network. This is a BIG security advantage:
| Local | Cloud |
|---|---|
| β Works without internet | β Requires internet |
| β Faster response | β Slower |
| β Private - no data to vendor | β Your data sent to cloud |
| β Works if company shuts down | β Stops if service is discontinued |
| β You have full control | β Vendor has control |
π Network Segmentation
Section titled βπ Network SegmentationβKeep IoT devices on a separate network:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ROUTER ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β ββββββ΄βββββ ββββββ΄βββββ ββββββ΄βββββ β VLAN 1 β β VLAN 2 β β VLAN 3 β β Primary β β IoT β β Guest β β β β β β β β PC β β Sensors β β Guests β β Phone β βββΊ β Cameras β β β β HA β β Bulbs β β β βββββββββββ βββββββββββ βββββββββββπ Password Best Practices
Section titled βπ Password Best PracticesβGood Passwords
Section titled βGood Passwordsββ Bad: password123β Bad: MyDog2024β Bad: qwertyβ
Good: correct-horse-battery-stapleβ
Good: Xk9#mP2$vL8@nQ4&Use a Password Manager
Section titled βUse a Password Managerβ| Manager | Price | Comment |
|---|---|---|
| Bitwarden | Free | β Recommended, open source |
| 1Password | $3/mo | Polished, family sharing |
| KeePass | Free | Offline, full control |
π Secure Remote Access
Section titled βπ Secure Remote AccessβWant to access Home Assistant from outside? Do it securely:
| Method | Security | Difficulty |
|---|---|---|
| Nabu Casa | βββββ | Easy |
| Tailscale VPN | βββββ | Easy |
| WireGuard VPN | βββββ | Medium |
| Reverse proxy + cert | ββββ | Hard |
| Port forwarding | β | AVOID! |
π Security Checklist
Section titled βπ Security ChecklistβAt Installation
Section titled βAt Installationβ- Change all default passwords
- Update firmware on all devices
- Enable two-factor on Home Assistant
- Use HTTPS (automatic with Nabu Casa)
Monthly
Section titled βMonthlyβ- Check for updates
- Review active users
- Check logs for anomalies
- Backup configuration
For New Devices
Section titled βFor New Devicesβ- Research manufacturerβs security practices
- Prefer devices without cloud
- Update firmware before use
- Place on IoT network
π Next Steps
Section titled βπ Next Stepsβπ§ ESP32
Build 100% local sensors yourself.