I just discover that the 2FA is not required in the Develpoer Tools, and from Dev Tools you can easily deactivate 2FA without any additional password or 2FA code.
So the Homey is not that secure anyway!
All logins on Homey should have 2FA, and it should not be possible to deactivate 2FA without using the 2FA…
This is a real bummer as I’m setting up my alarm system on Homey which I just realized might not be that smart yet.
Can others confirm, or do I miss something?
Cheers
For me it just asked a 2fa when incognito logging in on the developer site. Pls check that it is loging in for multiple sites and you can switch easily between loged in accounts that have proven the 2fa already.
Press long on a loged in account to log out completely for all Arhom sites on that device / browser.
Up till today I did not get access to anything Homey / Athom related without providing for the 2fa token.
I enabled it since it was introduced.
I’ve been testing with other computer and luckily I couldn’t log in to dev tools without 2FA!
So it must have been my normal computer that wasn’t logged off properly!
I will continue my alarm setup!
All good and thanks for the feedbacks!
