ESPHome Passwords Do You Need Them? Don't do this! 

The hidden little tips in the vids! 😎

If you’re familiar with vscode all the macros are the same (at least I think) - for example shift+ del will delete the whole line

Nice!

If you use the OTA passwords... Never ever lose them or delete them is the most important this thing I wanted to stress.

It is a very common thing I see people doing. They delete the password and have no backup or lose the yaml file and get locked out. Definitely should be optional as people just click past and don't realize the importance of never losing that password.

⁠@@digiblurDIYI have an electric heater that this happened to. I’m stuck on 2022.3.1. I’ve tried to read the bin file to get the original ota password. I’ve come close without success. It’s disappointing.

Not a bad idea there and keeps it the same. It would be cool if it followed the filename type thing.

@@digiblurDIY You could probably use some kind of substitution variable like “$filename” or such, maybe?

No problem 👍

Ahh.. Yes.. This is a little easier.

Yup. Add in your auth for the webserver if you are using that component. esphome.io/components/web_server#configuration-variables

That's the Esphome dashboard.

thks so much for you quick reply, i'm gob smacked, NO YT vid i've sat through has ever mentioned there is one, again thks i'll go try and find the elusive YT vid that covers something on this for the newcomer. Happy New Year to you@@digiblurDIY

He might be sneaking off of that SSID as the filtering isn't there on LTE

Should have done it a while back.

yeah I figured I'd add something that I knew to it. But again, least of my worries if someone else is on my vlan

I have automated versioning myself of files in my docker containers. But everyone does not have this setup.

@@digiblurDIY I just do a zfs snapshot every 15 minutes. But really I never edit my files on the servers. For the esphome I commit everything into git and my CI/CD pipeline delivers it to esphome. So no line of code is ever lost.

Which advice? To remove or add it? Set it as one password? Use the device name? I gave it all. You could even do a spin and add something to the end of the hostname and do your own thing.

@@digiblurDIY I realize I was vague... and I shouldn't claim it was your "advice" but rather your opinion that encryption is not necessary on private networks.

Yeah the encryption isn't something I do being on a private network. There are larger issues than my light bulbs turning on if my private network is compromised. Up to the user if they want to do it. The larger issue here is the OTA password mess.

@@digiblurDIY In my case I use the devices for a lot more than lights and could be detrimental. To each their own.

​@@digiblurDIY the argument you used for why you spend time actively removing the encryption instead of just leaving the default in, was basically "I feel bad for the esp having to do so much" You're also giving blanket advice to the internet that encryption isn't needed on your home network, because all someone could do is turn on and off light bulbs. I have an esp that opens and closes my garage. I have another one that's "just a sensor for whether a door is open or closed" But its tied to an automation to lock a door, and if I had it set up wrong (i don't) it would be possible to send homeassistant information about that sensor to trick an automation into "toggling" a lock. Obviously the door sensor is an extreme example because i don't have the automation set up to toogle instead of lock. And clearly i know enough to know when to ignore advice I run into on the internet. I'm not going to say that turning off encryption on an esp device that's just turning on and off lights is a problem, because its probably fine. And I obviously don't think that people should blindly listen to advice on the internet, and turn off encryption just because someone on the internet says its dumb. I think that people need to be smart enough to know whether what their esphome device is doing is sensitive or not. But I also think that you left out any nuance in your video. You basically said its dumb, the chip doesn't need to be doing more than it has to. And you're going out of your way to turn off a default.

These are home devices. If someone gets on your network at home, you have bigger issues than some light bulbs going crazy from a hack 😂

I showed you how to set it or remove it. It is your choice.

@@digiblurDIY you definitely expressed your opinion (starting with 01:36) - again: you did not push anybody, but being influencer you could be more ... matured with your advices ;)

@zyghom Yeah the encryption isn't something I do being on a private network. There are larger issues than my light bulbs turning on if my private network is compromised. Up to the user if they want to do it. The larger issue here is the OTA password mess.

@@digiblurDIY you forgot, that majority of people use "1 password for ALL" - and this is the beginning of the collapse. Nobody gives a s..t about 1 bulb. Think big