Google is stepping up the security of its Nest smart home devices. The company has announced that it will require email-based two-factor authentication for all accounts if the feature wasn’t previously enabled or people who migrated to a Google account.
This move is to ensure fewer account bridges if at all seeing how two factor authentication reduces the chances of someone hijacking your smart home setup.
Nest still recommends that users migrate to Google accounts if they want to stay secure, although there is a caveat: you can’t currently link a Nest account if you have Google’s Advanced Protection turned on. Google is fixing this, but doesn’t have an estimate for when that solution will be ready.
“We’re always exploring how to protect your privacy and security while also giving you control over the ease of access to your account and what you share. After all, devices like cameras and smoke alarms are essential in emergencies. However, an extra layer of defense gives you more control over your home devices in the long run by making sure only trusted people and devices can use them” Google wrote in the announcement post
Google also sited additional measures it takes to keep your account secure.
“When you supply a password for your Nest account, we check to see if that password was potentially exposed in previously-known credential breaches outside of Google.
We proactively reset accounts when we detect suspicious activity.
We use automatic updates, don’t allow default or easy-to-guess device passwords and verified boot, which prevents your devices from running malicious code.” Google explains
The vulnerability of smart home systems has been a sore point for years, and it’s becoming more of an issue now that Nest and others have a host of connected alarms, cameras, doorbells, and locks.