[REQUEST] User selectable Z-wave security levels in order for associations to work

Z-wave associations are a very important feature for 2 main reasons:

  1. Buttons can send commands directly to light bulbs, so if Homey isn’t working the lights can still be controlled.
  2. Dimming works way better using buttons (e.g. by long press). Gradual dimming using flows is slow, uneven and unresponsive, and/or Homey disables the flow for firing too often.

Also, currently zigbee has no good working alternative that Homey supports and works for all zigbee devices.

As of version 7.0, Homey supports more Z-wave security levels. That is great for locks and such, but not so much for associations, because associations need the same security level for both devices in order to work.

As not all devices support the same security level, and Homey picks the level, associations are basically broken now if both devices have different security levels. That is why it is important that users are able to select a lower security level for devices that do not require premium security, so they can pick the level that both devices support.

It is also important to note that at this time developers are also not able to implement a way to lower security for S2 supporting devices either.

As I really want to be able to support dimming by long press and can no longer do that, and because I experienced Homey outages more than once, I think this is really, really important to get right.


Second that!
It’s required to be able to use the slats setting in Walli and v3 rollershutter as well.


Just a post to push the thread back to the top… :wink:


Bumping for Homey Attention!

As “Includesecure: false” is no longer working, I see there is a new thing called “requireSecure”: true; I tried it with “false” with no success. So if anyone knows of any new way in manually changed code to force unsecure inclusion, please tell me :slight_smile:


Didn’t try, but maybe putting in a wrong pincode or discarding will fall back to non-secure inclusion?

Most devices I got don’t ask for a pin.


Yes, I have tried that with a new device I got, with success (00000); the problem is all the other devices that don’t ask for it, as Edwin says.

That will be the S0 and S1 level devices, which is the majority of them. So there is a stale there. :roll_eyes:
Basically comes down to compatibility/supported functions and a way slower network that causes delay and outages. Which is imho the wrong choice made in security vs usability.

Not exactly. There are 2 different S2 standards:

  • S2 (Unauthenticated)
  • S2 (Authenticated)

Afaik, S2 (Unauthenticated) also doesn’t need a pin.

It is indeed S2 unauthenticated I am talking about, S0 gets added unsecure nowadays and can programmatically be forced to include secure by an app developer. But S2 unauthenticated cannot be forced to something else.

For S2 there is a flag that can forbid unsecure, which seems to be of little use as S2 is selected anyway by Homey.

Yes, correct. Pincode and ‘pin’ are not the same thing. Pincode is an extra layer for using a pincode on locks etc., whereas ‘pin’ is a part of the key on the device used for authentication for the security level; the unauthenticated is still secure include. S0 is insecure inclusion by default, but can use pincode. Sx is insecure and same as S0 nowadays. Anyway, we need S0 inclusion as an option.
Problem is S2 is mandatory and CAN be changed to lesser level S0, but it needs an option for that which we don’t have and which according to new Z-wave Alliance docs is not allowed.

Did you already send this to support@athom.com?

I did

Yes, but as always they will not reply to feature requests.

Hello, are you sure that by entering a false PIN, for example 00000, the inclusion is not secured even with version 7 of Homey? So real, in this case, we can resume the “workaround” of @AK47 to close and open the slats of the Venetian blinds by sending a hexadecimal code via the Zwave “card”: send raw command for the Fibaro Roller Shutter 3… Can you confirm? Thank you.


All devices I have use S2 unauthenticated and do not ask for a PIN, so there’s no way to interact with the pairing process.

Yes, but I ask you: if I enter a wrong PIN (e.g. 00000) on the Fibaro “Roller Shutter3” (which requires a PIN), will the module be included in an unauthenticated way? Which would allow us to use the Zwave “card”: “send raw command”

Try and you know?

How would I know?

As Inspiration for Athom, how it can work. :grinning: