The initial configuration has no access restrictions for reading or modifying device data or configurations. If the device is exposed to the internet, then it can be read and modified from the internet without additional protections. If untrusted actors can join your local network (WiFi LAN) then they can read and modify without additional protections.
If your LAN isn’t secure, or you intend to provide access from the internet via port-forwarding, you should require authorization. IoTaWatt supports two levels of authorization using the relatively secure digest password authorization protocol. This isn’t the most secure method of authorization, nor is it the least. Given the limitations of an IoT device, you may find it is a reasonable balance between exposure and data value.
Unrestricted LAN access¶
Checking this option will allow unrestricted access, i.e. without passwords, for any sessions originating on the local LAN. This is defined as requests that come from an IP that is not the gateway IP. With this option, you can have the best of both worlds: Unrestricted access in your home or on your VLAN, and authorization protection from unwanted access via the internet when port forwarding is enabled.
Setting and changing passwords¶
The new password specifications will take effect immediately.