Smart Home Security Devices Fail Even Basic Password Practices: HP

Julianne Pepitone
Maxphoto | Getty Images

"Smart" Internet-connected home security systems are meant to protect consumers from intruders — but the top devices don't require even the bare minimum for password protection that we expect for our email and other web services, according to a new study from HP.

HP bought 10 home-monitoring devices like video cameras and alarm systems and tested them to see how easy they are to hack, Jason Schmitt, the vice president and general manager of HP's enterprise security products team, told NBC News.

Read more from NBC News:
Read MoreSamsung CEO: Smart home will die without open system
Read MoreU.S. government to announce new cyber threat center
Read More Global conflicts could spawn more cyber attacks, firm says

All 10 of the devices had "significant vulnerabilities" in the security of the device itself, HP said.

Read MoreTop 5 cybersecurity risks for 2015

HP — which declined to name the products it tested — said the most basic of those security holes involved poor password practices.

Some devices didn't require strong passwords, while all 10 of the products tested failed to lock the account after a certain number of failed password attempts.

Security startups surge

"These are things that a lot of web companies have perfected, but when you move to a different [space] that doesn't specialize in web security those practices just kind of drift away," Schmitt said.