9 ~Hacks~ For Keeping Hackers Out Of Your Smart Home Devices

When hackers find a way into a smart home, they can send fake alerts from a camera, watch baby monitors, and even unlock front doors. "If any of those devices is not well protected, then the whole system is vulnerable," says Denise DeRosa, founder of Cyber Sensible. One of the biggest problems with smart homes is that a wide range of devices are connected to a centralized hub that manages all of the personal data it gathers. A single weakness can expose your entire virtual life.

Unfortunately, smart homes are probably not as secure as they should be considering what could happen if a malicious actor found their way in. That's pretty scary but don't smash your Alexa, yet! There are plenty of measures you can take — from strengthening passwords to segmenting your network — to turn your smart home into a smart fortress.

In the past, hackers have analyzed passwords collected from large-scale breaches in order to build tools that can be used to anticipate the patterns of passwords that people frequently use. Many people, for example, will incorporate the name of their dog and/or the four digits of their birthday so it won't take many tries to break in. Instead, try stringing together a few words that don’t bear any relationship to one another.

It’s best to have passwords that are at least 12 characters long with special characters or capital letters scattered throughout. So, for example, if I were to set a password for my Nest account I might try "almond,Dream!tidy." I selected three words at random and added special characters and capital letters with no identifiable pattern. According to Dashlane's password tester, it would take someone 610 trillion years to crack that code.

"In a lot of cases, [hackers] are not trying to guess your password, they're trying to get you to tell them," says Aaron Emigh, co-founder and CEO of Brilliant. Phishing emails will invite you to a site that looks and behaves like a normal site in order to trick you into entering your username and password. Alternatively, hackers will steal millions of passwords from a company that doesn’t follow good security practices and use those passwords across different services. In either case, it'll be a lot more difficult for them to gain access to other aspects of your virtual life if your password is different from platform to platform.

Most upgrades involve some tweaks to the security system so you want to get each and every one onto your device.

Password managers will not only store and encrypt all of your passwords, but they will also evaluate them for weaknesses. Furthermore, these extensions will offer randomized passwords in order to eliminate the guesswork of creating new passwords for new accounts.

It's understandable that you usually hit "allow" every time a new app asks for permission to your data, but most don't need your location, voice, and camera to function. "Make sure that you're not sharing more than you need," says DeRosa. It's especially important to be vigilant of your smart device's privacy settings. Smart speakers, for example, often keep track of personal information such as your home address, voice recordings, and routines. You can easily remove this information or disable the sharing of this information in the privacy settings of the corresponding app.

Emigh, who previously consulted for the Department of Homeland Security, says that proper cybersecurity always calls for layered protection. "You need to make sure that you have security operating on many levels so that if they manage to find a flaw in a security system, that doesn't mean that they have the keys to the kingdom and can do anything that they want," he says. With two-factor authentication enabled, new logins will require both a password and verification through text, email, or an app notification.

Giving your whole family access to your personal account leaves you exposed on a whole new level. Do your best to encourage them to take similar steps in protecting their devices. Better yet, Google's head of security and privacy recommends that you create a Family account so that you don't have to share your personal credentials in order to let your housemates use the devices.

We're getting into the nitty-gritty stuff but most consumer routers are pretty insecure. First off, change the default username, password, and network name to something unique. Emigh also recommends that you set your network encryption type to WPA3, WPA2, or at least PSK. To take it a step further, you can actually segment the network into several subnetworks: one for your smart home devices, one for your guests, and one for your personal devices. That way, one device's crummy security won't expose the whole network.

Obviously smart home devices make our lives easier and more efficient in many ways, but it's worthwhile to consider just how important they are to our lives. "Sometimes we use these devices because we can and not because it's the best or the safest or the sanest option," says DeRosa. Checking up on your pet or children from a monitor while you're away from home may provide some peace of mind, but it also opens you up to unwelcome sleuthing.