Page 1 of 1
Two-Factor Auth on TCC App
Posted: Wed Jun 09, 2021 9:39 pm
by JonW
Is there an option somewhere to enable two-factor authentication for the TCC app? I cant find it anywhere, and concerned that my boiler controls are protected by just a password. Given that the app provides control for home security systems, this kind of application security must be possible somewhere?
Re: Two-Factor Auth on TCC App
Posted: Mon Jun 14, 2021 8:10 pm
by Richard
Two factor is present on the evohome security side, but none of the heating control apps I know of have two factor?
Re: Two-Factor Auth on TCC App
Posted: Wed Jul 21, 2021 10:19 am
by mrlm
The website does use Multi factor Authntication - the security system is controlled by a second username and password you have to use after the first one.
While this isn't as good as a rolling code MFA system, from an IT security point of view there is absolutely nothing wrong with sensible password usage.
If you reuse a password inappropriately you are at risk from a flawed system design which has plaint text password in a DB that gets leaked which can the be tried on other systems. If you don't do that then Honeywell would have to suffer the leak in two separate systems which is unlikely to happen. Providing their design is sensible it cannot be brute forced even with access to the hash.