Question

Is there any way to put a password on your sonos system?

  • 13 February 2013
  • 108 replies
  • 44259 views

Trying to stop everyone logging in and switching the play list, wondering if there is any way to put a password on the system so only those with the code can access the system

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

108 replies

Unfortunately the silence from Sonos is deafening. Not even their technical people have replied to the idea.

The suggestion that I might want to invest in a seven or eight zone system is rapidly disappearing over the horizon. Some open-ness on Sonos's part would go a long way to allaying fears that it is simply another betamax!


I'm sorry but that's just a stupid comment, Sonos is the BIGGEST player in this market (by quite some margin as well), it occupies most of the top ten on Amazon's wireless speaker sales chart, to suggest it's "another Betamax" simply because it doesn't offer password protection is a ridiculous thing to say.

If you don't want Sonos, go and buy a 7 or 8 zone system from a competitor that DOES offer password protection. Good luck with that. The point of these systems is that they are as simple to setup and operate as possible, sticking passwords or PIN codes at every stage does not qualify on that front. I can already imagine the number of "Why does Sonos keep asking me for a password?" threads that would appear on here if they did implement something like this.
Userlevel 2
Yesterday I installed Sonos connect and connect amp in a business where the two zones accomodate both the CEO's office and a separate zone for the sales offices. My first inclination was to find a way to isolate the two from a permission standpoint so there would be no accidental streaming to one zone or the other. I couldn't find it so I started searching and came here for advice, I cannot believe there isn't a simple feature to password protect or even hide zones. This seems like a very basic and doable tool to implement.
Set the two zones up as separate households.
Userlevel 2
Hi ratty, can you please explain a little bit?
Thanks,
Kevin
Correct me if I'm wrong but aren't you a professional Sonos installer?
Is there still no fix on this? I live in an apartment with two friends, I know of I put a sonos speaker in my room and forget to unplug it, I'm going to be constantly woken up.

Are their other systems out there where you are able to password protect or lock to specific device/s?
Is there still no fix on this? I live in an apartment with two friends, I know of I put a sonos speaker in my room and forget to unplug it, I'm going to be constantly woken up.
They're not exactly 'friends' then.

If you set your Sonos up as one system, and there's another Sonos system in the house, then your so-called friends would need to invade your room to register a controller app on their phones by pushing buttons on your speaker. If yours is the only Sonos in the house then you'd have to deliberately create a second Sonos system, otherwise a controller app would automatically find your Sonos unit. A second system can be as small as a BRIDGE, bought off eBay.

Are their other systems out there where you are able to password protect or lock to specific device/s?

This is a Sonos board.
Badge
The point of these systems is that they are as simple to setup and operate as possible, sticking passwords or PIN codes at every stage does not qualify on that front. I can already imagine the number of "Why does Sonos keep asking me for a password?" threads that would appear on here if they did implement something like this.

As with many modern devices, the passcode could be optional- just like securing a WiFi Router can be optional. SONOS can be left wide open with no passcode for those users who don't require one.
Badge
I'm really hoping that my google-fu is bad and that this is STILL not an open issue. A simple pin code for pairing devices to a sonos net... doesn't even need to be user accounts for Pete's sake. Maybe some zones get an additional pin code when first trying to control (like the bedroom, kid's room, etc.). It doesnt' have to be Fort Knox, just enough to deter mild abuse or accidental control.

With 6 zones I'm a bit invested in SONOS and love it, but it's not perfect, and not without its competition. I selfishly want to see SONOS trump the competition so that I don't end up with 6 BetaMax players :)


I wanted to amend this post with an anecdote of a recent experience. As an IT consultant, I'm in and out of a lot of different environments. Most recently, I was in the home of a CEO of one of my clients setting up a remote workstation. Seems they were having weird issues with their 8 zone SONOS system so I took a moment to look into it. Seems her teenage son and his friends were accessing the SONOS and changing settings, music queues, etc. When she expressed doubt that they could do this, I very effectively demonstrated this shortcoming by taking out my mobile phone, connecting to her SONOS, and piping Country music all over the house. Now, while I needed to be on her WiFi to do this, keep in mind that teenagers in the house are going to be on and know the wifi code, so it follows that their friends will be on the wifi as well. As a partial mitigation to this, I setup a guest wifi in the house with no access to the local subnet, but this still relies on the main wifi password not being used or discovered - a difficult task that anyone with kids can attest to.

So- the need still stands- an integral/optional method to connect to SONOS.
Badge
This thread is hilarious. Every concerned message requesting even the most basic form of password, PIN or any other protective feature is countered by answers such as "discipline your children", "get new friends", "hope your job wasn't affected", "get different roommates", "don't share your wifi" and so on.

Sonos is the leader in their field, but providing absolutely zero support for device control protection is just plain crazy. Submitting requests for any such protection is like throwing rocks into a deep pit... satisfying for a bit, but ultimately just a waste of time.

Perhaps someone at Sonos will do a quick web search for "how to add password protection to an application" and things will change. But seeing as this thread is several years old, I'm not going to bet any money on it.

Keep the requests coming, folks! I love reading the responses written in Sonos' defense. 🙂
This is most certainly needed. In fact you should go full out and on iOS take advantage of the touch-ID to authenticate users.
The fact that Sonos devices have NO security at all is somewhat worrying actually - it could theoretically be used as a vector for all sorts of other security issues - it runs Linux after all so is a fairly open platform underneath.
I'm confused by your statement. I use iOS almost exclusively to "control" my Sonos system. But all of my iOS devices are locked after a minute of non interaction, and the only things that you can do on the lock screen is start/stop, skip or replay a track. How does this indicate "no security"? While I can't look at the screen right now, not being at home, I'm 90% sure that I don't have access to the change the playlist / location of music. So to do anything else, I have to unlock my iOS device, using Apple's process. But maybe I'm not understanding your statement?

Please inform me on the theory as to how this could be used as a vector for security issues. I'd be most interested to know.
Anyone connected to your wifi network has full control of your Sonos. Might be ok for some, but the option of password/pin protecting access has been requested many times.

Sonos is a Linux system at heart. In theory it could be used as a vector to attack a local network or be used as a pawn in a botnet. I say in theory - this has not happened - but Sonos and all network appliance makers have to be vigilant. Google 'Brian Krebs ddos' - one of the largest ddos attacks in history was made against him using mostly unsecured internet appliances.
I see. Thanks for the explanation.

If that was an issue for me, I'd have the Sonos on the public side of my network, which would restrict access to all of my "secure" devices. But at the end of the day, if something is connected to the internet in any way, it's potentially accessible, no matter what "lock down" you implement.

But I have to chose between the internet of things, and security. So I'm somewhat rigorous in who I give access to my network to, and hence my sonos contorlling devices. It's not perfect, I'd agree, but I'm not sure how Sonos could make it much better. At the end of the day, it's my call as to whom I give access to, not Sonos'.
Anyone connected to your wifi network has full control of your Sonos. Might be ok for some, but the option of password/pin protecting access has been requested many times.


Doesn't this exist even now? How can anyone connect to the Wifi without the Wifi password? And if Sonos had a password, but the Wifi was accessed, how does the Sonos password offer any protection against such attacks? What is the incentive for a hacker to attack just the Sonos devices? Can someone access the WiFi via Sonos without having the WiFi password? Or hack into that somehow via Sonos as it is just now, with no password protection of its own?
Anyone connected to your wifi network has full control of your Sonos. Might be ok for some, but the option of password/pin protecting access has been requested many times.


Doesn't this exist even now? How can anyone connect to the Wifi without the Wifi password? And if Sonos had a password, but the Wifi was accessed, how does the Sonos password offer any protection against such attacks? What is the incentive for a hacker to attack just the Sonos devices? Can someone access the WiFi via Sonos without having the WiFi password? Or hack into that somehow via Sonos as it is just now, with no password protection of its own?


The problem comes when people have the password. Friends, or an office environment where people share the same network, family members. They have full control over your Sonos as it has no password. As for hacks, this is just a theoretical scenario. Access could be gained by using another compromised device inside your network. But my point is that Sonos needs to take security more seriously. For all I know, they do lot of work behind the scenes, but not having a password to authenticate a client device doesn't bode well.

Come on Sonos - just configure a password or pin that each device needs to enter once the first time it tries to connect to a device.

The problem comes when people have the password.

Ah..so that is the real issue, not the security one that was so strongly stated. Security is already blown by giving up the WiFi password, how would it help for Sonos to have one thereafter?
I don't give people my WiFi password in a hurry, and I am personally up to here with passwords and remembering them. I for one would be quite irritated to have one more in my life. My vote therefore is for no change on this count.

The problem comes when people have the password.

Ah..so that is the real issue, not the security one that was so strongly stated. Security is already blown by giving up the WiFi password, how would it help for Sonos to have one thereafter?
I don't give people my WiFi password in a hurry, and I am personally up to here with passwords and remembering them. I for one would be quite irritated to have one more in my life. My vote therefore is for no change on this count.


That may be fine for you but as you can see from this thread, it is not fine for others. It should most certainly be an option and not forced into the user. If you don't want a password, don't use the feature. Many people share their wifi passwords with friends and family or are in a shared network environment.

Don't confuse the two issues though. The password to access configuration and playlists, and any possible external threat are separate. I'm just requesting some sort of access control to the Sonos. Any possible external security threat should be something that I hope Sonos is mindful of. My point being that if they are unconcerned about access control, they may well be unconcerned with other security issues too.

Don't confuse the two issues though. The password to access configuration and playlists, and any possible external threat are separate. I'm just requesting some sort of access control to the Sonos.

No, I don't. I thought it was you that was confused, by using external threats as the justification for this need for passwords. I must have misunderstood your post.
I am curious though - how will these passwords work to stop a "friend" or a child from blasting music through the Sonos in your bedroom at 3 am if they are that kind of people?
1234Many people share their wifi passwords with friends and family or are in a shared network environment.

I really don't understand this... People hand out total access to their network, and then they're surprised that people (particularly kids) abuse it? Let's be kind and say that's just niave....

As previously suggested, put the Sonos kit on a private network and any untrustworthy people and children on a guest network - job done... Why on earth would you give access to your private network, which can hold all of your private data, to someone that you can't totally trust?
1234Many people share their wifi passwords with friends and family or are in a shared network environment.

I really don't understand this... People hand out total access to their network, and then they're surprised that people (particularly kids) abuse it? Let's be kind and say that's just niave....

As previously suggested, put the Sonos kit on a private network and any untrustworthy people and children on a guest network - job done... Why on earth would you give access to your private network, which can hold all of your private data, to someone that you can't totally trust?


You are assuming people are savvy enough to do this - or even know how to do this. Most people are not. What other private data would they have access to on your network? A NAS? A windows server? A linux server? These all offer access control via password. The odd man out here is the Sonos.

Regardless of what you think though - the question has come up and customers have asked for it and given specific examples of why they want it. That should be justification enough. The old Steve Jobs chestnut of 'don't hold it that way' really doesn't wash. Again - it should be optional - so if you don't want the feature, don't use it. Simples.
Regardless of what you think though - the question has come up and customers have asked for it and given specific examples of why they want it. That should be justification enough.

Good luck with that....
Regardless of what you think though - the question has come up and customers have asked for it and given specific examples of why they want it. That should be justification enough.

Good luck with that....


From the fanboi comments here and lack of response from Sonos i'm starting to feel that way too!
Userlevel 7
Badge +22
Regardless of what you think though - the question has come up and customers have asked for it and given specific examples of why they want it. That should be justification enough.

Good luck with that....


From the fanboi comments here and lack of response from Sonos i'm starting to feel that way too!


This is a forum where civil discussion of many things happens. Many, if not all, times when a suggestion is made some people will have a contrary view. That's just the way of things and to be expected. Just because people have a contrary view to you does not either 1) Make them a "fanboi" nor 2) Preclude them from commenting.

For what it's worth I am not a proponent of requesting Sonos become a surrogate for my own security responsibilities. So I shan't be giving access to MY private network to anybody who might take advantage of any security or aesthetic vulnerability in the Sonos app/controller, neither shall I call for Sonos to add password or finger print or iris scan access in order to allow me to be profligate with my security responsibilities.

I know people who want these added security "features" hate to be told to take responsibility for their visitors AND their actions but I'm afraid that's the way it is. Frankly I don't want to have extra hurdles to cross to change my settings because you allow dickheads onto your private network.

It is worth remembering. NOBODY has access to YOUR network unless YOU give them access to it - If you can't trust them not to hack into your system or play The Birdie Song at full volume then don't give them access (or at least put Sonos on the private side and give them a guest login and maybe change the password every week).
More importantly, I don't see how it will serve any long term purpose. Those that surrender Wifi passwords will, sooner or later, surrender these as well, for the same reasons. Why spend development dollars on something like this?

Just out of curiosity since I haven't seen them - what do appliances like refrigerators that are on the network do for restricting access? Devices like these will only increase in future, I am sure. All will have passwords over and above the one needed to access the network?