[quote=“oTi@, post:20, topic:169564”]Was able to get a (Prowl) notification as soon as a manual code is entered on the lock, through a quick hack that adds an event that triggers on any update to [tt]PinCodes[/tt].
Filed bug# 1958 to get support for a ‘PIN code changed’ event.[/quote]
I appreciate your help. When I am at my vacation home, I will re-writing slot 1 and 2 as you and Garrett have been able to do. I will then call Dennis at Kwikset and educate them that 1 and 2 can in fact be deleted electronically. There are only a couple of people that answer Kwikset questions so it will get to the right people. As I said before I called them, and asked them 5 different ways why on earth they had that severe of a security breech. While I still think they need a pass-code, being able to see if someone changed the code it is a relief.
That all being said, knowing what I know I would have bought a Yale as it seems to be the best of both worlds.
→ oTI & garrettwp, thanks for confirming that the codes can be deleted from Vera, I will also try this on my residence sometime during the Thanksgiving holiday.
→ SteveH, I certainly thank you for bringing this to the attention of the MCV community, but I think you might want to also consider your application (rental properties) versus primary residences. On rental properties, nothing is 100% secure, if a renter wants to find a security flaw and gain access to your property, it is very likely that the renter will find that security flaw. In my particular case, a primary residence, I know who goes in and out of my house and I trust them all. I installed a Kwikset lock on my residence over a year ago, and I have been really happy with it; my biggest concern when I installed this lock was the security on my network and how secure were the MCV servers so that nothing gets unlocked by mistake. There has been hiccups (if you search the forum you will find them), but MCV has been really responsive. I really hope that you find the appropriate solution/device for your particular application and keep on sharing your experiences with the rest of this community.
[quote=“markiper, post:22, topic:169564”]–> oTI & garrettwp, thanks for confirming that the codes can be deleted from Vera, I will also try this on my residence sometime during the Thanksgiving holiday.
→ SteveH, I certainly thank you for bringing this to the attention of the MCV community, but I think you might want to also consider your application (rental properties) versus primary residences. On rental properties, nothing is 100% secure, if a renter wants to find a security flaw and gain access to your property, it is very likely that the renter will find that security flaw. In my particular case, a primary residence, I know who goes in and out of my house and I trust them all. I installed a Kwikset lock on my residence over a year ago, and I have been really happy with it; my biggest concern when I installed this lock was the security on my network and how secure were the MCV servers so that nothing gets unlocked by mistake. There has been hiccups (if you search the forum you will find them), but MCV has been really responsive. I really hope that you find the appropriate solution/device for your particular application and keep on sharing your experiences with the rest of this community.[/quote]
Thanks for the note. We agree that there is no security system that is bullet proof. Certainly all three ZWAVE brands can be disabled if someone works at it. But Yale and Schlage felt it was important enough to to install a code in order to program an electronic key while Kwickset felt it was o.k. if someone could issue themselves an electronic key within 5 seconds. IMHO, there is a big difference between the level of security even for primary versus rental applications.
Let’s assume that a primary residency owner wants to let in a cleaner every week. All of us want to hire a cleaner that we trust. But if you decide to click the timers that disables that person from going in and out at from 8PM to 6AM, how much do you really trust them?? If you set up a notification to text you when a service tech enters your home, how much do you really trust them? ??? I charge people $3K a week to rent my lake home. I’m not dealing with thieves and I do trust these people a lot of I would not let them into my $800K home. But I don’t think, I’m really asking for a lot. I think it’s rational for just about every user to deep down want a passcode in order to issue an electronic key. That’s why the other two players who make Zwave locks include this super basic security feature. I do realize that on average, a lot of people will never run into this issue and in all likelihood I should be fine as well. After all I have had several rental properties and zero thefts (knock on wood). But if someone has not bought a lock from any of the three players, I think this is something that they might want to consider. It’s piece of mind.
Personally, I don’t trust any of these locks. If I was going to install this sort of system, I’d just have a no-button electric striker that I can activate remotely with Vera. Someone needs to get in, they can call my cell phone, I can see them on the door camera and hit the button to let them in.
Of course, that simply moves the security problem from the front door to the Internet. Out of the frying pan, into the blast furnace. Which is why I don’t trust the locks on my doors to Zwave.
anybody have had any experience in bidding at ebay? this zwave deadbolt kwikset has a bid for $36.88 and says brand new. how can this be true if homeseer, and other online stores have it listed for $198 - $240. any thoughts? thanks.
For some time now, most of the action in Ebay “auctions” happens in the closing seconds. I have seen items worth $1000 start at $0.99 and languish around $10 for days, only to shoot up right at the very end. So you can’t really go by the current high bid as any indication of what any item will ultimately sell for.
Beyond that, just look at the seller’s feedback rating. Anything below 99% is suspect. And you may not want to buy from someone without an established track record. And I’d avoid non-US sellers.
Your best bet is to just pick a number representing the most you’d be willing to pay and place a bid there. One of three things will happen: you’ll get outbid, in which case it doesn’t matter because the item will go for more than you’d have been willing to pay anyway, you’ll win at your max bid, or if no one else is interested you’ll get a bargain.
[quote=“waltzer11, post:25, topic:169564”]anybody have had any experience in bidding at ebay? this zwave deadbolt kwikset has a bid for $36.88 and says brand new. how can this be true if homeseer, and other online stores have it listed for $198 - $240. any thoughts? thanks.
I hope I am not breaking any discussion protocols by asking you about your set up as part of the discussion on Kwikset locks (very interesting discussion). Jirahhome, how do you get the PIP to show up on your TV’s when the sensor is tripped? Any info would be much appreciated as I am looking into doing a similar type of set up.
Statistically speaking, the best security is multiple layers of security, so to say that just because your door is locked you dont need a security system is inaccurate (you still have windows that can be opened if not broken). I do agree that Kwikset should have a better code mechanism, but I will also remind you that no lock is foolproof. I have a Kwikset at my home, and what I did was add event triggers. if my front door opens, picture in a picture pops up on all the tvs and shows my front door cameras (i have one on the outside and one on the inside of the door). If this happens during a predetermined and set time (say while the house should be empty) my wife and I get texts/emails and all my cameras begin recording. If neither of us respond to that email in 10 mins, my alarm notifies the police station and sends video footage is emailed to us. I know this does not directly address your issue of the code set, but I would again remind you that no single security measure is foolproof. I would suggest having Vera resend the codes you choose every night at say 3am as a backup measure. [/quote]
I am completely lost with this whole thread.
I have numerous locks installed, and when I pair them up, there are always 2 codes listed (without names). These are the two factory codes. I promptly delete them, and then add the codes I chose with their names. I lost my dongle a while back, and cleared one of the units with a master reset and added some codes manually… When the zwave dongle came in, there were once again 2 codes in the lock, and I removed them.
In order for me to add the 2 codes, I had to use the “master” code… not a door pin…
Am I confused?
Wasn’t sure if I should have started a new thread or continue this one so I decided to continue this one as this one already has useful info. While looking at smart deadbolts, I came across the Kwikset one. Looking at the on-line manual (found in the Kwikset website) to get a better understanding of the lock, in step 7 I noticed this:
CAUTION: Prevent unauthorized entry. This lock can be opened using two different codes that are randomly set at the factory. Upon installation and setup, replace both of these codes with your own. Since anyone with access to the power board can change these codes, [u]you must restrict access to the power board and routinely check both codes to assure they have not been altered without your knowledge[/u].
(I added the underline.)
Further research, I came across this thread. Thinking that its because of you guys that they added the caution statement maybe???
Anyway, I do not have a Vera system yet but hope too. I noticed that in the bug #1958 filed by oTi@, the last history entry states, “ui4 => ui5”. Does anyone know if the recommended action by oTi@ was implemented in Vera 3?
To get around this issue, simply ‘restrict’ codes # 1 and 2 to a date range in the past. Once this is in place, at least on my lock, I can’t use, OR CHANGE those codes via the inside ‘program’ button. A factory reset would be the only way around this.
If you think that any one vendors implementation is better or more secure than another, look deeper, then deeper again. I know the Schlage lock allows for a factory reset once you have physical access to the inside unit, the reset is much like the Kwikset lock. The Yale lock requires a screwdriver to access the factory reset button, on the inside of the lock. In the IT world, once you have physical access to any asset, you pretty much own it (save for crazy encryption).
Of course, a factory reset will be quite obvious, as the lock will no longer be managed; but the way I see it all these locks are on an equal playing field re: this functionality, once you include the z-wave controller & some minor programming.
If we want to talk about the PHYSICAL security provided by any smartkey lock, relative to the competition, now that is a different story : ‘Bump-proof’ these locks may be, but when you can open them in mere minutes with a hammer, a cut blank, and pliers- hmm… anyone @ Kwikset listening???
Having said that- I use the Kwikset lock. If someone wants in my house, a brick and a window make for an easier time than the deadbolt, anyhow!
IMHO Kwikset as always equated junk. Even before z wave existed I always told my clients never to purchase these lock sets as they are NFG.
This security flaw with Kwikset is substantial. I cannot believe that a lock company would allow any changes to codes without the need of a programmers/master code.
And to equate pushing 4 buttons to throwing a brick through your window is silly, clearly the glass breaking would wake you up.
Again, all locks have their weaknesses. I just wanted to point out how to work around this perceived code reset issue with the Kwikset z-wave gear. I agree the traditional ‘SmartCode’ lock would have some problems, but adding z-wave and proper MCV programing makes access to the front panel no more a security issue than with any other lock.
Also, FYI, my particular (newer) Kwikset z-wave deadbolt has screws on the front control cover to prevent easy access to the program button / batteries.
It takes more than a screwdriver and a pair of pliers to brute force into a smartkey lock- but not by much. The hammering it takes on the short-cut key (that is cut to a special depth) to deform the internal mechanism to allow the barrel to turn would, if noise is the issue, alert any occupant to a break in.
I don’t think I alluded to reprogramming the lock to being equivalent to breaking a window…? Also, I don’t hit 4 buttons, we use 6 or 8 digit codes
If I lived in a house with no windows, I’d be more worried about the lock durability. But if home security is looked @ from a holistic perspective, there are quite a few easier targets to exploit to get you into a house, other than a deadbolt.
I don’t know if the other z-wave locks are bump-proof (or even bump-resistant); that’s the one thing SmartKey has going for it.
Kwikset is a ‘value’ lockset in my opinion- lots of features to be had for a pretty reasonable cost. You wouldn’t want to use Smart Key on fort Knox! The fact that Schlage discontinued their SecureKey locks speaks volumes to the reliability of the ‘self rekey’ technology, though SecureKeys demise may be due to the litigation brought on them by Kwikset.
As a wise man once said: Locks keep honest people honest.
Sorry to bring back an older topic, but had a couple things to add;
Someone mentioned that all the locks had their flaws (very true), but that the Schlage can be reset once opened from the inside (you need tools to do this however), while I can’t remember exactly how you do a factory reset off hand, even if you do this you can prevent them from knowing what those factory codes and programming code are. There is a sticker on the inside of the exterior part of the lock with the programing code (and maybe the two default codes? (It’s been a while since I have installed one of those), every one I have installed on rental type property I have used a razor knife and cut that part of the sticker off. That way if someone knew to look for that sticker to get the programming code (more important than the default codes IMO because it is like a master key for that lock) it would not be there anymore. I agree with the OP that the Kwikset has a major security flaw with this.
What’s that saying again: If it is too good to be true…