Google Nest, the smart home brand for Google’s line of smart speakers, thermostats, smoke detectors, and more, announced this morning that it will soon require all Nest users to enroll in two-factor authentication to further protect their account. The feature has long been available to Nest users, but was previously optional. Given that most users only follow the default settings, they were putting their accounts at risk of being accessed by an unauthorized person.
Nest says the feature will be required for all users who had yet to turn on two-factor authentication or migrate their account to a Google account.
The move to require two-factor comes shortly after rival Amazon announced a similar plan for Ring, which will require two-factor to be enabled sometime later this year. Ring’s version will support codes sent over text messages, the company said.
In Nest’s case, when a new login to your account is initiated, you’ll receive an email from [email protected] with a 6-digit verification code. This code is what you’ll provide to confirm it’s you trying to login — and if you can’t provide it, you won’t be able to access your account. Nest, of course, would prefer that users instead migrate to a Google account to take advantage of Google’s own security protections, which offer a variety of methods for authorizing your account and other benefits, like suspicious activity detection and its “Security Checkup” feature.
Smart home devices have made national headlines in recent months for account hacks, which greatly disturbed users. People said their smart speakers began playing music on their own, in some cases. Others reported people speaking through the devices, terrifying their children. Often, these sorts of breaches are due to users relying only on a username/password combination alone, which is far less secure.
Nest also said it’s adding protection against automated attacks for those who haven’t migrated to Google accounts, and users won’t have to take additional steps to enable the feature.
Device makers like Nest and Amazon know that without forcing users to take the extra precaution, many will not seek out these extra security settings on their own.
While it’s good that companies are now waking up to the dangers of not making two-factor the default, they’ve already allowed the situation to get out of control, as these hacks indicate. That damages their brand long-term and makes people hesitant to buy. There’s really no excuse for not making two-factor authentication a requirement from the very beginning.