Nest Adds Two-Step Authentication to Increase Security for Nest Cams and Thermostats

Smart home accessory company Nest today announced the addition of two-step authentication into its mobile apps for iOS and Android devices, which will act as an extra layer of security that prevents intrusions into a user's Nest account. The company said that these extra security measures can help prevent malicious access to private information, particularly camera feeds of Nest Cam products.

To activate two-step authentication, users can find a toggle menu in the Account Security settings of the official Nest app. After "2-step verification" is toggled on, users will have to sign in again by typing in a traditional email and password. Two-step authentication makes the process more secure by then texting a verification code to an approved device, which Nest owners will then have to enter into the app to gain access to their Nest products.

We all know data security is a moving target. Technology keeps advancing, but so do the people who want to break into your email, your credit card or any other account they can get their hands on. But your home is your safe haven, where private information should stay private. So today we’re adding a new layer of security with the introduction of two-factor authentication.

You may have seen or used two-factor authentication before, probably to get into your email or bank account. It’s simple but very effective – even if someone figures out your password, they still need to actually get their hands on your phone to get into your account. It takes a minute or two for our customers, but for hackers working from computers all over the world, things get a whole lot harder.
Nest said that this isn't the first time it has updated security across all of its products, and the company intends to continue rolling out security and privacy-focused tweaks to Nest Thermostats, Nest Protect smoke alarms, and Nest Cameras "as new technologies become available or we learn about new threats."

Tag: Nest


Top Rated Comments

(View all)
Avatar
33 months ago
Guys, this is not 2 factor authentication. This is two step authentication. There is a difference!

Two factor identification makes sure it is gathering two of the following:
- something you have
- something you know
- something you are
- some people also now include "somewhere you are" as an additional factor now, but this is still new

two-step is not two factor... Apple for instance had two step auth before (and still does), but then it added true two-factor auth when codes were no longer sent via text message but rather sent directly to an approved device. That allowed for two-factor to be complete (something you know - a password - and something you have - a device).

Nest's release really makes a jumble out of this by calling it both "two step" and "two factor" in simultaneously in their release. It sounds like the engineering guys are calling it "two step" correctly, but then the marketing guys got ahold of it and didn't know what they were talking about and called it two factor.
Rating: 11 Votes
Avatar
33 months ago
No HomeKit? No way!
Rating: 2 Votes
Avatar
33 months ago
Meh. I trust HomeKit more.
Rating: 2 Votes
Avatar
33 months ago

With the method you linked to (which, I understand, is just one method) -- that's assuming I registered a standard cell number to receive the two-step verification SMS messages. I've got a VoIP line that accepts SMS and several Google Voice numbers that all obviously accept SMS. If someone wanted to find out which number I used badly enough, I'm sure they could; but most people wouldn't bother.

Using services that can forward SMS to other devices (e.g. via email) are far less secure than using a real mobile phone number (which is why e.g. banks often don't allow Google Voice numbers or similar for delivery of TANs). They also make it decidedly "not two-factor", since the bad guys can intercept the codes if they know your email credentials (e.g. from phishing or otherwise hacking your account).

SIMs with modern encryption specifications are actually not easy to clone (unfortunately some carriers still use SIMs with less secure old encryption methods though). The bigger risk is that hackers have sometimes been able to convince phone companies to activate a phone number on a new SIM via social engineering, or capture the SMSs via malware that is running right on the phone (particularly common on Android).
Rating: 2 Votes
Avatar
33 months ago

Guys, this is not 2 factor authentication. This is two step authentication. There is a difference!

Two factor identification makes sure it is gathering two of the following:
- something you have
- something you know
- something you are
- some people also now include "somewhere you are" as an additional factor now, but this is still new

two-step is not two factor... Apple for instance had two step auth before (and still does), but then it added true two-factor auth when codes were no longer sent via text message but rather sent directly to an approved device. That allowed for two-factor to be complete (something you know - a password - and something you have - a device).

Nest's release really makes a jumble out of this by calling it both "two step" and "two factor" in simultaneously in their release. It sounds like the engineering guys are calling it "two step" correctly, but then the marketing guys got ahold of it and didn't know what they were talking about and called it two factor.

Very good explanation. This should be sent/posted to Nest to see if they correct their documentation.
Rating: 1 Votes
Avatar
33 months ago
There is a CIA exploit for that. :)
Rating: 1 Votes
Avatar
33 months ago

No HomeKit? No way!

I contacted Nest support to ask if they had plans to offer HomeKit, and if not why. They never responded. will not buy another from these screwups.
[doublepost=1488903777][/doublepost]

Why would they? Nest is a competitor to HomeKit.

How is it a competitor to a home automation framework? It is only a device, just like Honeywell and Ecobee which happen to support the framework.
Rating: 1 Votes
Avatar
33 months ago

No HomeKit? No way!

Why would they? Nest is a competitor to HomeKit.
Rating: 1 Votes
Avatar
33 months ago
Great. Now you just have to trust Google to have access to your camera!
Rating: 1 Votes
Avatar
33 months ago
I just want local "Cloud" storage.
Rating: 1 Votes
[ Read All Comments ]