Google’s Nest will force customers to use two-factor authentication
Google announced today that Nest customers will soon be required to enroll in two-factor authentication. In theory, that should provide a good extra step of security for devices that regularly monitor and help secure your home.
Google says that beginning this spring, any Nest users who haven’t already enrolled in two-factor authentication or migrated their Nest account to a Google account will have to verify their identity over email when they try to log into their account. Nest will email you a six-digit verification code that you’ll have to enter to successfully log in.
Nest forcing all users to turn on two-factor authentication differentiates it from Amazon-owned Ring, which makes two-factor authentication opt-out for new customers, but opt-in for existing ones. Ring does it that way because forcing two-factor authentication would require the company to log out all users, which could prevent access to some alarms and cameras until a customer opened the app again, Ring founder Jamie Siminoff told said.
The company is doing this step to prevent customers who’ve fallen victim to other data breaches (and who reuse passwords) from having their sensitive devices compromised through automated attacks. “Google accounts come with added protection against this, and now we’re addressing this issue for those who haven’t migrated to Google accounts,” Cory Scott, head of Google Nest security, wrote in today’s blog post.
Nest has other login security features as well; it will notify you over email every time someone logs into your account, for example, and it will also proactively log you out and force a password reset if it believes your password has been compromised.