Lock and key smart security

{{whyLabel}}: Knowing your current security baseline prevents downgrading your physical protection when switching to smart tech.

{{howLabel}}:

• Check the side of the bolt or the packaging for a Grade 1, 2, or 3 marking.
• Grade 1 (Commercial) is the strongest, Grade 2 is standard residential, and Grade 3 is basic.
• If no grade is visible, assume it is Grade 3 and prioritize an upgrade.

{{doneWhenLabel}}: Current lock grade is identified and documented.

{{whyLabel}}: A high-tech lock is useless if the door frame or hinges are weak points for forced entry.

{{howLabel}}:

• Inspect the strike plate (the metal part on the frame); it should be secured with at least 3-inch screws that reach the wall stud.
• Check for door warping; a smart lock motor will fail or jam if the bolt doesn't align perfectly with the hole.
• Ensure hinges are tight and screws are long enough to prevent the door from being pried off.

{{doneWhenLabel}}: Door and frame integrity are verified or repair needs are listed.

{{whyLabel}}: Smart locks trade 'picking/bumping' risks for 'hacking/software' risks; you must decide which you can manage better.

{{howLabel}}:

• Traditional locks are vulnerable to physical bypass (picking) and lost/stolen keys which require expensive rekeying.
• Smart locks offer 'Access Logs' and 'Temporary Codes', but require firmware management and a secure network.
• Decide on a 'Local-First' approach (Z-Wave or Matter over Thread) to minimize cloud-based hacking risks.

{{doneWhenLabel}}: A conscious decision to proceed with a specific lock type is made.

{{whyLabel}}: Older Wi-Fi standards (WPA2) are more susceptible to brute-force attacks that could compromise connected devices.

{{howLabel}}:

• Log into your router's admin panel.
• Navigate to Wireless Security settings.
• Select WPA3-SAE if supported; otherwise, ensure WPA2-AES is active with a 20+ character password.

{{doneWhenLabel}}: Router is running the highest available encryption standard.

{{whyLabel}}: Isolating the smart lock from your main computers and phones prevents a compromised lock from exposing your personal data.

{{howLabel}}:

• Enable the 'Guest Network' feature on your router.
• Set a unique SSID (e.g., 'Secure_Home_IoT').
• Ensure 'AP Isolation' or 'Allow guests to see each other' is DISABLED.

{{doneWhenLabel}}: A separate, isolated network is ready for the smart lock.

{{whyLabel}}: Physical strength remains the primary defense against burglars using brute force.

{{howLabel}}:

• Look for 'ANSI Grade 1' (best) or 'BHMA Grade A' certifications on the box.
• Prioritize models with a 'Physical Key Override' (hidden keyway) for emergency access if electronics fail.
• Avoid 'Grade 3' or unrated budget locks for main entry points.

{{doneWhenLabel}}: A certified high-security lock is selected.

{{whyLabel}}: Local protocols like Matter (over Thread) or Z-Wave are more secure and reliable than Wi-Fi-only locks.

{{howLabel}}:

• Matter/Thread: Future-proof, works across Apple/Google/Amazon without a specific brand hub.
• Z-Wave: Highly secure, uses a different frequency (908 MHz) to avoid Wi-Fi interference.
• Avoid Wi-Fi-only locks if battery life and offline reliability are priorities.

{{doneWhenLabel}}: Lock protocol is chosen based on your existing smart home hub.

{{whyLabel}}: Standard strike plates are the weakest link; a reinforced plate prevents the door from being kicked in.

{{howLabel}}:

• Buy a heavy-duty steel strike plate (at least 8-10 inches long).
• Ensure it comes with or you buy 3-inch hardened steel screws.
• This is a generic hardware item found in any home improvement store.

{{doneWhenLabel}}: Reinforcement hardware is acquired.

{{whyLabel}}: Misalignment causes friction, which drains batteries and can lead to the lock failing to engage.

{{howLabel}}:

• Follow the manufacturer's guide to replace the existing deadbolt.
• Critical: Ensure the bolt slides into the strike plate hole without touching the sides.
• Use the 3-inch screws to secure the new reinforced strike plate to the frame stud.

{{doneWhenLabel}}: Lock is physically installed and operates smoothly by hand.

{{whyLabel}}: MFA prevents an attacker from controlling your door even if they steal your account password.

{{howLabel}}:

• Open the lock's companion app.
• Go to Account Settings > Security.
• Enable 2FA/MFA using an Authenticator App (preferred) or SMS.

{{doneWhenLabel}}: MFA is active for the primary administrator account.

{{whyLabel}}: Certain default settings prioritize ease of use over security, creating vulnerabilities.

{{howLabel}}:

• Disable 'Voice Unlock' unless it requires a secondary PIN code.
• Disable 'Auto-Unlock via Bluetooth' if you live in an apartment where you might be near the door while inside.
• Enable 'Auto-Lock' with a 30-second delay to ensure the door is never left unlocked accidentally.

{{doneWhenLabel}}: Security-first settings are applied in the app.

{{whyLabel}}: Smart locks consume significant power; waiting for a 'Low Battery' alert can lead to lockouts in cold weather.

{{howLabel}}:

• Use high-quality Alkaline batteries (avoid Zinc-Carbon or cheap rechargeables unless specified).
• Add a recurring event to your digital calendar for every 6 months.
• Check for battery leakage or terminal corrosion during replacement.

{{doneWhenLabel}}: Calendar reminder is set and first battery check is complete.

{{whyLabel}}: Mechanical shifts and dust can degrade performance silently.

{{howLabel}}:

• Visual: Check for loose screws on the handle and strike plate.
• Cleaning: Wipe the fingerprint sensor with a dry microfiber cloth; use compressed air for the keyway.
• Testing: Verify that the app, keypad, and physical key all work independently.
• Alignment: Ensure the door hasn't sagged, causing the bolt to rub.

{{doneWhenLabel}}: Monthly maintenance routine is established.

{{whyLabel}}: 'Ghost' codes for former contractors, guests, or ex-tenants are a major security hole.

{{howLabel}}:

• Open the app and review all active PIN codes.
• Delete any codes that are no longer needed.
• Ensure all remaining codes are assigned to specific names for the activity log.

{{doneWhenLabel}}: Access list is cleaned and only contains authorized users.