I would propose creating an update-only key/password that would NOT allow account management as available by many dynamic DNS service providers.
Not all devices allow use of HTTPS for updating, so capturing the current credentials could allow account stealing. That would then become a form of Denial-Of-Service attack on the networks serviced by that account.
Keywords: update key, update password
Please sign in to leave a comment.