Google Nest forcing users into 2FA
Users of Google Nest products will soon be forced into using two-factor authentication (2FA) to access their devices.
Google said starting in spring — autumn, for those not based in the Northern Hemisphere — all Nest users who have not enrolled in the 2FA option, or migrated to a Google account, will be required to “take an extra step by verifying their identity via email”.
See also: Google and Nest combine into a new smart home brand (CNET)
“That code will be used to make sure it’s you trying to login. Without it, you won’t be able to access your account. This will greatly reduce the likelihood of an unauthorised person gaining access to your Nest account.”
In December, Google rolled out login notifications to Nest accounts, which emailed users when someone on their account logged in.
In addition, the search giant said it had also rolled out additional protections, including checking if a password an individual has supplied was potentially exposed in previously-known credential breaches outside of Google.
It said it also resets accounts when it detects suspicious activity.
“We use automatic updates, don’t allow default or easy-to-guess device passwords, and verified boot, which prevents your devices from running malicious code,” it added.
See also: Google Home: Cheat sheet (TechRepublic)
Additionally, Google offered “best practices” for those using Google Nest devices, which included migrating to a Google account.
“In addition to security features, Nest and Google product integrations will be streamlined and work together to create seamless experiences,” Google said.
It also suggested creating a family account to avoid a handful of single log-ins; using unique passwords and changing them frequently for every account; adopting a password manager; checking if an email address an individual uses has been subject to a breach; and avoiding clicking suspicious-looking emails and ensuring to never provide personal information in response to them.
Internet of walled gardens? Go single vendor with your IoT, or else.
An error it may be, but invasive it certainly is.
With the latest from the Google Nest Home family now available, here are some initial thoughts.
The tech giant has backpedaled on a stiff cut-off point for Nest account users.