Smart home “hacks” are frightening. You may have seen the viral news stories. A family’s security camera was hijacked to play fake warnings about a nuclear attack. A stalker harassed his ex-partner by changing her lock codes and turning her lights on and off.

How do these attacks happen? Typically, the intruder doesn’t target the smart home technology company. He targets the homeowner’s account instead, taking advantage of a security lapse—a weak or compromised password, for example—to log in to their account or mobile app.

The good news is that you can protect your account from an intruder by taking some simple measures. Alarm.com offers several smart safeguards for you to employ, and your service provider is always on hand to offer help and expertise.

Here’s how to take action and keep your Alarm.com account better protected.

1: Update and improve your password

A weak or re-used password is the digital equivalent of a door key tucked under the mat. It’s how most hacks and data breaches happen. Create a stronger password for your account by following these rules:

  • Avoid the obvious. Dogs are for home security, not password security. Don’t use your pet’s name, or favorite team, or anything else that’s easy to guess. Pick a password or phrase that’s memorable—but only to you.

 

  • Make it unique: Add capital letters, numbers and symbols to make your password harder to crack.

 

  • KEEP it unique. Don’t use your Alarm.com password anywhere else. Using the same password across multiple sites means that a single data breach—anywhere—will compromise all of your accounts. For safety, always keep a separate password for Alarm.com.

Does your current password measure up? Log into Alarm.com, or go to the Login Information tab in your Alarm.com app, and change it now. We’ll wait!

2: Set up Two-Factor Authentication

Two-Factor Authentication is an optional Alarm.com feature which adds a second step to the login process. It makes it much harder for an intruder to access your account, even if they’ve guessed or acquired your password.

Alarm.com Protect Account 2FA Password.jpg

Once you enable Two-Factor Authentication, Alarm.com sends a one-time code to your phone via SMS whenever you or anyone else logs into your account. This code is required to complete the login, meaning that only a person with access to your messages can log into your account.

Two Factor Authentication is available in the United States and Canada. You’ll find it in your Alarm.com app under the Login Information tab.

3: Never share your login with other users.

Letting other people log into your Alarm.com account with your credentials is a security risk. It makes it harder for you to track who’s logging in, and you could even lose control of your account settings.

When you give a new user access to your account, always give them their own login. It’s easy to do from your web dashboard (go to Users, then select Manage Logins). There’s no extra charge, and you can control exactly what each user can see and do within your account.

We provide a range of pre-set user permission levels, from “Read Only” to “Full Control”, to make this part easy—or you can customize each user’s permissions if you prefer.

4: Don’t give account access when a User Code will do.

If a person only needs physical access to your home, don’t give them an account login. Give them a User Code instead.

Alarm.com Protect Account User Code.jpg

Let’s say you hire a dog-walker to visit your house on weekdays. A numerical User Code lets them unlock the door and disarm your alarm. You can restrict the code to work on weekdays only, and have it expire on a given date. You can even get an alert or video clip when they use it.

As any security expert will tell you: give people the access they need, and no more. In most cases, a User Code will take care of it.

5: Set up activity alerts for awareness.

Alarm.com’s smartphone alerts can help you protect your account as well as your home.

Alarm.com Protect Account Login Alert.jpg

To receive an alert when someone accesses your account, or tries to, set up a Successful Login or Unsuccessful Login notification. If you receive either alert unexpectedly, you’ll know to investigate and take action if necessary—see item #6 below.

You’ll find these notifications in the System Event category of your notification options.

Please note: Unsuccessful Login alerts can be triggered when other Alarm.com users mistype a username that’s similar to your own. To reduce the likelihood of this happening, ensure that your username is distinctive and different. You’ll find it in the Login Information tab of your Alarm.com app.

6: Lost your phone? Suspect a breach? Do this.

If you think an intruder has access to your account, or you lose your phone with the Alarm.com app on it, here’s what to do.

  • Log into your Alarm.com Web Dashboard and go to Settings.
  • Go to the Devices tab, then select Lost Device.
  • Submit a “Disable Automatic Login” command to log every user out of your account and prevent any device from logging back in automatically.
  • Change your password immediately.

 

Need help with your account security?

If you’re in danger because someone has accessed your Alarm.com account, contact your service provider immediately. They’ll help you restore control, and advise you on what to do.