If I create 100 users (not allowed to open the door) with my admin user, will the device/application be more secure? Will it be harder to decrypt data? Will the hacker not know which user has unlock privileges? Or will this have no effect? I can create 1000 users, but will the device/application still NOT be more secure?
Answer: No, adding many accounts that are disabled will not make your smart lock more secure. In fact, it may actually decrease the security of your smart lock. Here’s why:
- Increased attack surface: By adding more accounts, you are increasing the potential attack surface of your smart lock. This means that there are more entry points for hackers to gain unauthorized access to your device. Even if all the accounts are disabled, they can still be used as a point of entry for malicious actors.
- Maintenance and management challenges: Managing multiple accounts, especially if they are disabled, can be a challenge. You may need to spend time and effort to keep track of which accounts are enabled and which ones are not. This can lead to oversights and mistakes that can compromise the security of your smart lock.
- False sense of security: Adding many disabled accounts may give you a false sense of security. You may think that because all the accounts are disabled, your smart lock is secure. However, this is not necessarily the case. Disabled accounts can still be vulnerable to attacks, and they can provide a backdoor for hackers to gain access to your device.
- Confusion and errors: With many accounts, there is a higher likelihood of confusion and errors. For example, you may accidentally disable the wrong account or enable the wrong account. These mistakes can compromise the security of your smart lock.
- Lack of centralized management: Smart locks typically do not have centralized management capabilities for managing multiple accounts. This means that you may need to manage each account individually, which can be time-consuming and error-prone.
In conclusion, adding many accounts that are disabled is not a recommended security practice for smart locks. Instead, you should focus on using strong passwords, keeping your firmware up to date, and using other security features such as two-factor authentication to protect your smart lock.
This was the answer from AI. Is it right? What about Nuki?
I think the AI is right.
Why should more accounts be more secure? This data isn’t transferred after creation. So there isn’t more useless noise caused by this.
And if someone could handle accessing your users/permissions or read and decrypt the transmissions, it would be really problematic anyway.
Security by obscurity was never a secure concept. But it thinks that the Nuki itself is (mostly) secure.
To enter your rooms, it’s mostly easier and quicker to open/break your (cheap) lock itself, break in through a window, and so on.
Lock picking a (cheap) lock is (easily) possible. And sometimes it’s enough to kick the door hard enough.