- It is a good idea to create a dedicated user account in Domoticz that you use for DA Bridge only. You should definately not use your admin user or any other user with administrator rights. You can create a user in Domoticz here: Settings -> More Options -> Edit Users
- DO NOT USE YOUR ADMIN ACCOUNT!Seriously, despite the warning above, some users still do it.
- On the 'users' page in Domoticz, you can also restrict access to devices on a per-user basis. You should only allow DA Bridge access to the devices you will actually be controlling or querying using Alexa. You can do so by clicking on the "Set Devices" button. Drag the devices you need to the right column and drag the rest to the left.
- Use https to let Domoticz Bridge connect to your Domoticz! Passwords are sent over the internet in clear text if you don't use https! This is unsafe, so you should use https whenever possible, we might even remove unencrypted http support in the future.
- We know that most people using https will use a so-called self-signed certificate. Therefore we do not check the validity of your certificate when connecting to your Domoticz as it would break SSL for most users. This is a potential security risk, because it opens up the possibility to do a man-in-the-middle attack, but using SSL still protects you from people sniffing your traffic (and your password).
- Do not use Alexa to control security related devices around your home. Controlling door locks, garage doors, alarm systems, blinds/shutters etc is not safe. Someone standing outside your house shouting loud enough for Alexa to hear it may be able to get into your home. Obvously, this goes for all devices, not just the ones controlled by DA Bridge.