I’m a big fan of security reality instead of security theater.
If someone got onto my network, I would be far more worried about them holding my precious photos and music files and family document scans hostage than them being able to manipulate any system or gain access to any data kept on my network. So I keep an offsite NAS which backs up my local NAS and an airgapped hard drive with everything that I update once a year.
If someone got access to my Qobuz account I really couldn’t care less… Like, what is the actual risk to me? I keep all my passwords in one of the password keepers. The passwords are all as complicated and long as sites will let me have them - they are gibberish with many symbols. Typing in 32 characters of gibberish is hard, let me tell you, on the rare occasion I have to. I have no idea what any one of my passwords is except for my Apple ID, because I am required to type that one in. I have 2FA on wherever I can. It’s relatively difficult to compromise these password managers - LastPass showed it can be done.
I’ve had a credit card stolen. It sucks. But it was social engineering at a gym, not a sophisticated attack. It was a couple of months of feeling vulnerable, and a bunch of letters, and it was fixed. For almost everyone I know who has had an actual financial compromise, it was the result of a phishing attack that got by them or social engineering.
My Wi-Fi password is really long and also gibberish, and kept in my password manager. My guest network’s password is “password6”. Because I’m networking-curious, that means guests cannot run Sonos or Roon. Big whoop.
Other than ransomware or corporate info (and managing the corporate perimeter is a different issue; the company should defend everything including BYOD according to actual risk), there’s nothing I can imagine anyone wanting on my home network. If my ecobee thermostats or Ring cameras are attacked, so what? They become part of a botnet? Are we talking about a HAL 9000 situation? Is someone actually going to try to freeze my pipes at my second home? If they get a copy of my family photos, is it really so bad? If they somehow got a copy of old credit card bills or bank account statements, what could they realistically accomplish? If someone got my banking details somehow, it’s unlikely they could get away with that much because of how I have things configured at my banks. But if they did, they would have an easier way of getting there than getting into my home network.
I’m not trying to be callous, but I keep a copy of everything safe, and the actual risk to me is likely no worse than if I had hard copies of everything in my home, and a reasonable alarm system, and someone broke in. Unlike corporate espionage/ransomware, breaking into someone’s home network is a high-effort, low-value target. And in the grand scheme of things I’m a reasonable target - I would guess a lot of people on here are. Stealing Roon’s forum credentials would likely be a worthwhile effort because I bet a whole bunch of people here use the same password here as they do on other, more important platforms like banking.
So perhaps you place a different value on all these things than I do. Or you assign different likelihoods. Or you think the effort I go to is ridiculous. You absolutely can do whatever you want. But I think that freaking out about low-bar access controls for one device on your network, for file access to something that really likely only has FLACs on it and that you really ought to have a copy of somewhere else, is kind of overboard and not focusing on what the actual risk vectors are. But that’s a value judgment. You can see above my rough calculations.