[Klathmon]

It's that kind of thinking that makes bad security.

Time and time again it's been shown that if you design systems that are hard to correctly secure or make significant compromises in the name of "security", they end up being insecure because people just won't use them or will actively seek ways around them.

You can't just handwave away issues like usability and pretend that you've designed the "perfect" system or something.

If you design a good/secure keypad lock but it doesn't give people an easy way to let their family member in the house when they are away, they are just going to give out the code, leading to less security overall. If you design a secure keypad lock without a tumbler, the first time the batteries die and the user is locked out of their house they are going to replace it with something that won't lock them out.

Usability needs to be a core aspect of secure engineering. And oftentimes a "technically less secure" option is better, because it's actually usable by normal people in most cases.

A 5-point harness is safer than your average seatbelt, but we don't use them because forcing every car to have a 5-point harness would just end up with fewer people using them.

[setquk]

I think you are right but introducing a new paradigm (usually smart) over a standard operating model is a mistake.

These are all problems we have solved for years before without the technology so there are established ways of handling the situations. Adding complexity and a different way of doing things actually makes it harder and riskier.

Coordinating how to use a smart lock between two people is harder than it looks.

[Klathmon]

I've had a remotely operatable "smart Lock" for the last 5+ years, and at no point did it ever make things worse or harder.

On many occasions I was able to get a call from a family member to let them in, and there were many hundreds of times that I was able to lock or ensure the door was locked after I left the home.

I really feel layering is the ideal way to achieve this, as it means that any "smart" capability is easily disabled if found to be a problem, and we know that the underlying system is sound.

In my case I use a deadbolt that has a keypad, and they separately sell a zwave plugin for it that gives me local control, then I layer on an open source "gateway" that gives me control and notifications when away from the house.

If the gateway fails or is untrustworthy, I turn it off and the rest still works. If the zwave is found to be faulty, I pull it out and still have a functioning lock.

And until major vulnerabilities are found in any part of the "smart" add-ons, or until my lock starts unlocking on its own, it has greatly increased the security of our house, as well as increased my quality of life. No more getting out of bed at night to check that the door was locked, no more turning around to lock the door because I forgot when I left, and it was great when I was showing my last house as I could enable/disable the codes when I wanted, and get notifications when people came and left.

I'm not saying all new tech is good, just that this fear that "smart" (read "connected") is a bad thing inherently, and that the "traditional" ways of doing things, while perfectly fine for many, are not a panacea which can't be improved upon. The steam engine was great, the ICE was better, today's hybrid extremely-efficient engines are still better. Sure it's gotten more complex, but also significantly safer, easier, more resilient, and more powerful. In other words, complexity should be managed, not forbidden.