iOS Network-level protection

[colinbowern]

The recent declaration that no secondary network authentication option beyond the paid HA Cloud service or VPN comes across as short sighted given the access that HA has to a home.

Given the authentication screen can pop up during connection I’m curious what makes this so challenging?

If there isn’t a sustainable option is there a self-host HA Cloud control plane that we can use to manage our own security exposure without resulting to a VPN as a blunt instrument?

Pangolin was doing a great job until a recent iOS app update which causes the auth window to close while typing. Second factor access to any API surface would help me sleep better at night that the risk of API vulnerability would be lower.

[bgoncal]

A bit more context: #1719 (reply in thread)

And there is no way to "self-host HA Cloud", Home Assistant Cloud is a product from Nabu casa, you can still expose your server however you want as long as it does not have authentication methods beyond Home Assistant provided. You can use Home Assistant 2FA for example.

Regarding Pangolin, since third-party second factor authentication are not supported, they are also not tested against and development decisions are not driven by those services needs, so for now you are limited on exposing HA to the internet and use HA 2FA or go full VPN, other options are not guaranteed to work.

I can assure you that other levels of security, including self signed certificates and others are being evaluated, I can't promise a timeline though.