> For instance, the Nest we had in our apartment would randomly start on and off, or suddenly stop being visible to the app, etc.
My own smart thermostat — from another company — has mostly been very good, but it randomly wants me to re-enter my (high-entropy, unmemorisable) password in their site to use it. Why can't I just connect to my thermostat and set up the authentication I want? Why can't I use a client certificate, or an SSH key, or just have a $&% token which lasts approximately forever?
It's my* device; I should be able to do whatever I want with it. Give it (not the vendor's site) a clean API, and I can do anything.
My own smart thermostat — from another company — has mostly been very good, but it randomly wants me to re-enter my (high-entropy, unmemorisable) password in their site to use it. Why can't I just connect to my thermostat and set up the authentication I want? Why can't I use a client certificate, or an SSH key, or just have a $&% token which lasts approximately forever?
It's my* device; I should be able to do whatever I want with it. Give it (not the vendor's site) a clean API, and I can do anything.