Smart home technologies provide a quick and simple solution for a range of tasks. But is this trade-off for a snap-of-the-fingers convenience creating a strain elsewhere?

Security vulnerabilities within some devices, or at least the way in which they are set up, may be keeping the door ajar, allowing access for cyber criminals.

In most cases, passwords are the first line of defence.

“Any sort of online service that you use, any web page, you should always use a 100 per cent random and unique password,” said Robert Covell, service manager with the Calgary-based ITeam. To keep track, he suggests using a password manager.

“If one of these (online) services is breached and they do manage to get your password, they have only gained access to that one service.”

Rather than setting a password, he recommends passphrases – a 25-to-30-character sentence.

“When it comes to a computer brute-forcing a password, it makes no difference to the computer if it’s a ‘3’ or an ‘e’ or an ‘a’ or an ‘@.’ All that we’ve done by making complex passwords is making passwords that are difficult to remember.”

“See what the privacy policy is. When you give this company your information, how are they going to be protecting it? And if something should go wrong, what is the recourse that you have?” – Shawna Kay-Thomas, Better Business Bureau

Brute-force is a systematic approach to decrypting data.

“Every character you add will add exponentially to the time it takes to brute-force attack it,” says Covell.

When setting up a home Wi-Fi network, locking it with a password is a must, says Covell. He also recommends WPA2 or WPA3 encryption.

Covell has a “junk” email account, which he uses exclusively for registering for online services.

“It never ties back to my primary, day-to-day address,” he said.

“By doing that, they may gain access to one simple and inane service and try those credentials other places. If your Facebook account is the same as your Hotmail address, and the same as your online banking, you can be in for a world of hurt.”

For privacy protection, Shawna-Kay Thomas, external communications specialist for the Better Business Bureau, also suggests looking into how a company plans on using the information you share during registration and going forward.

“See what the privacy policy is,” said Thomas. “When you give this company your information, how are they going to be protecting it? And if something should go wrong, what is the recourse that you have? How do they notify you if something goes wrong, or will they not notify you at all? That’s very important.”

If there is not a privacy policy, she adds, that’s likely a company or product to avoid.

To that end, when activating a smart device, stick to the company website.

“You may see ads pop up or a website that says you can active your device there,” said Thomas. “Then you’re giving the person behind that website your information when it’s not the legitimate site to activate your device.”

An indirect route to one’s personal details has come through voice-activated calls to businesses, which are available from some in-home smart technologies, says Thomas.

“There are fake websites out there that are mimicking legitimate contractors,” she said.

“Scammers have done unscrupulous things to get their ads bumped to the top of Google searches. When your voice is telling Google to call a particular contractor, it’s going to pull the first or most popular (result).

“That’s very risky because they’re having conversations with that fake business and may be passing on valuable information to that fake business.”

The lesson here is simple: find the company’s contact number by visiting its website directly.