Security Update: User Passwords


14th June 2022 in Technology

As always, we pay close attention to security in every new product and software update. Protecting the data of our customers has always been a top priority at Loxone since the company was founded in 2009. In our upcoming version of Loxone Config & App, we are raising the bar again.

Security precautions on cyber attacks

Are you aware of existing lists of username/password combinations circulating the internet? They’re out there and may be used for cyber attacks. So far, there are no successful attacks on any Miniservers, but we are taking proper precautions. In our upcoming release on June 29th, we will ensure that username/password combinations from these existing lists will no longer be used in our products.

How it works:

The Loxone Config & App will now prevent users from selecting passwords that are included in such lists, and therefore, accessible to potential attackers. Previously existing users with such passwords will be warned at log-in and given a warning (optional) to change their password. However, the decision remains up to the user.

Moving forward with this update

This security feature also affects the initial set-up of a Miniserver. The default user and password (admin/admin) must be changed.