Andrew Posted May 11, 2015 Posted May 11, 2015 I'm still feeling my way around as I have some devices on their way... Anyway, just wanted to say how much of a royal PITA it is to have to log in every time! : ) Is there another way (besides a $$$ app) that will let me log in from an iPhone or iPad without having to type everything out each time? thanks Andrew
Michel Kohanim Posted May 11, 2015 Posted May 11, 2015 Hi Andrew, Unfortunately if you are on a remote IP, the only way is to have a valid certificate so that your browser caches the userid/password. This said, are you certain you want to be able to have auto login remotely? With kind regards, Michel
Teken Posted May 11, 2015 Posted May 11, 2015 Hello Andrew, I am not sure if this is something that would interest you for a iOS App. The author is a ISY user and has generously offered this free Application to login and control your Insteon network. Its very simple and straight forward and offers just a plain UI give it a try assuming this is something your after. http://forum.universal-devices.com/topic/15922-ctrlhome-released-with-support-for-ipad-iphone-and-apple-watch/
Andrew Posted May 11, 2015 Author Posted May 11, 2015 Good afternoon guys - Michel - I'd like an "easier" way - say, a 4-digit code, like Dashlane or something. I'm not sure what the security implications of allowing this type of remote login other than the 4 digits being easier to crack. Is that your main concern with automated remote login? While remote login is the primary purpose, it's also a good way to quickly get access when at home, too. Hi Teken, thanks for the link. The app looks like a good start. Are many people here using it? I'm a little wary of how login data is being sent/collected. cheers Andrew
Teken Posted May 11, 2015 Posted May 11, 2015 Good afternoon guys - Michel - I'd like an "easier" way - say, a 4-digit code, like Dashlane or something. I'm not sure what the security implications of allowing this type of remote login other than the 4 digits being easier to crack. Is that your main concern with automated remote login? While remote login is the primary purpose, it's also a good way to quickly get access when at home, too. Hi Teken, thanks for the link. The app looks like a good start. Are many people here using it? I'm a little wary of how login data is being sent/collected. cheers Andrew Hello Andrew, This App was most recently released so there are not very many people using it. If you look at the date of the actual thread creation its only a month old. I just wanted to offer you a free smartphone application while you looked around for other solutions that might meet your long term needs. I use Mobilinc already but also wanted a dumbed down interface for a few cheap tablets hung on the wall. This (initial release) from the OP meets those simple needs.
Michel Kohanim Posted May 13, 2015 Posted May 13, 2015 Hi Andrew, With all the hacking going on it's a little difficult justifying weak passwords. This said, we will review and see whatb we can do without sacrificing security. Perhaps digital certificates. With kind regards, Michel
G W Posted May 13, 2015 Posted May 13, 2015 Michel, I feel there will be a way for a phone to pass a set of credentials that will allow instant access. Of course this will have to be discussed. Best regards, Gary
G W Posted May 13, 2015 Posted May 13, 2015 Michel, The first option that comes to mind is OAuth. I would add more security to that but it's pretty secure.
Andrew Posted May 13, 2015 Author Posted May 13, 2015 HI everyone, Thanks for all the thoughtful responses. FWIW, a 4-digit code to get access to ISY is really 8 digits if, for example, a phone has a 4-digit unlock, too... (That may be more applicable for an app though. Not sure) Just saying.
Michel Kohanim Posted May 14, 2015 Posted May 14, 2015 Hi Gary, OAuth requires ISY to be always available/accessible on the Internet (the server has to call ISY back). Hi Andrew, we'll check into it. With kind regards, Michel
MWareman Posted May 14, 2015 Posted May 14, 2015 Michel, I hope you'll consider an oAuth api via your portal (as a proxy) once complete to allow this kind of thing.. That being said, I know of no reason why a mobile app developer couldn't: 1) ask for username and password. 2) generate random salt 3) encrypt salt with username and password with a pin 4) decrypt with pin entry on app start 5) delete encrypted days when pin entered incorrectly, say, 3 times. Seems secure enough to me. Personally, for web access, I have a very strong randomly generated password stored in a lastpass vault. It auto folks the password dialog, so I don't have to worry about it. Michael.
G W Posted May 14, 2015 Posted May 14, 2015 Hi Gary, OAuth requires ISY to be always available/accessible on the Internet (the server has to call ISY back). Hi Andrew, we'll check into it. With kind regards, Michel Michel, I was thinking about using an OAuth server. Gary
Michel Kohanim Posted May 15, 2015 Posted May 15, 2015 Hi Michael/Gary, We will definitely consider and implement oAuth on the server. There's really no reason not to. With kind regards, Michel
G W Posted May 15, 2015 Posted May 15, 2015 Hi Michael/Gary, We will definitely consider and implement oAuth on the server. There's really no reason not to. With kind regards, Michel Hi, Michel, I suggest we start a discussion with Using and developers to lay out ideas on how security and phone apps could work. I'm interested as I'm working on an app for Android phones and tablets, which could easily be ported to Apple phones and tablets. Best regards, Gary
Andrew Posted May 15, 2015 Author Posted May 15, 2015 This is great news guys. BTW seeing this type of discourse in the forums before buying my ISY is one of the things that was a really good sign...
Michel Kohanim Posted May 15, 2015 Posted May 15, 2015 Hi Gary, I am all for it. How would you like to proceed? With kind regards, Michel
edokid Posted June 8, 2015 Posted June 8, 2015 I was just having this issue when I got my new Android phone. Don't want to buy MobiLinc as I never even use it on my iPhone but it's a pain having to log in with admin admin on the app. ISY is very complicated to access on your phone remotely, where Indigo or Vera will just save your password. Even using EyezOn for my DSC alarm it's a one click link that logs in, no username or password. It should be up to the user what they want, if we don't want a password then we should be able to disable it.
G W Posted June 8, 2015 Posted June 8, 2015 I was just having this issue when I got my new Android phone. Don't want to buy MobiLinc as I never even use it on my iPhone but it's a pain having to log in with admin admin on the app. ISY is very complicated to access on your phone remotely, where Indigo or Vera will just save your password. Even using EyezOn for my DSC alarm it's a one click link that logs in, no username or password. It should be up to the user what they want, if we don't want a password then we should be able to disable it.Use chrome and tell it to remember the password.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.