Google's Nest smart home division is to request that all users enable two-factor authentication, starting this spring.
Enabling two-factor authentication (2FA) should prevent anyone other than the account holder from logging into a Nest account and interfering with devices or viewing video feeds from Nest smart home security cameras.
- Nest security camera owners targeted by sextortion campaign
- Nest security camera hacker told family that missiles were on their way
- Nest Hub Max review
With the security feature enabled, whenever someone tries to log into a Nest account for the first time (such as when a potential hacking is trying to log into someone else's account), an email containing a unique security code will be sent to the account holder. Only with access to the user name, password and that code will someone be able to log into the Nest account.
Two-factor authentication has been available as an option to Nest users for some time, but as of this spring (Google hasn't given a specific date or month just yet) its use will become compulsory.
The system is also now available for those users who have already migrated their Nest account to a Google account. But for those who have stuck with Nest and not switched to a Google account, they'll soon have 2FA forced on them.
2FA will protect users of all Nest smart home productsNest
"When a new login into your account is initiated, you'll receive an email from firstname.lastname@example.org with a six-digit verification code," said Google in a blog post. "That code will be used to make sure it's you trying to login. Without it, you won't be able to access your account. This will greatly reduce the likelihood of an unauthorized person gaining access to your Nest account."
This extra layer of security should help stop strangers, or anyone, from logging into Nest accounts and viewing security cameras that don't belong to them or where they shouldn't have access. That has been an issue for Nest, with instances cropping up on numerous occasions in recent months. Nest had previously told customers that they needed to use better passwords, rather than make 2FA required. Now users will have to use this option.
Rival smart home security company Ring, which sells video doorbells among other products and is owned by Amazon, also offers 2FA, but its use is opt-in for current users and opt-out for new users, rather than being mandatory for all.
Google's blog post highlights how 2FA is needed to protect customers from data breaches, where usernames and passwords are stolen and sold online. These credentials are then used in an automated fashion to try and log into other online accounts (as many people use the same passwords for multiple accounts).
With 2FA, even if a hacker has the correct username and password to a Nest account, they cannot log in unless they also have access to the victim's email inbox.
Google WiFi system, 3-Pack - Router replacement for whole home coverage (NLS-1304-25)