Nest Adds Two-Step Authentication to Increase Security for Nest Cams and Thermostats

by

Smart home accessory company Nest today announced the addition of two-step authentication into its mobile apps for iOS and Android devices, which will act as an extra layer of security that prevents intrusions into a user's Nest account. The company said that these extra security measures can help prevent malicious access to private information, particularly camera feeds of Nest Cam products.

To activate two-step authentication, users can find a toggle menu in the Account Security settings of the official Nest app. After "2-step verification" is toggled on, users will have to sign in again by typing in a traditional email and password. Two-step authentication makes the process more secure by then texting a verification code to an approved device, which Nest owners will then have to enter into the app to gain access to their Nest products.

We all know data security is a moving target. Technology keeps advancing, but so do the people who want to break into your email, your credit card or any other account they can get their hands on. But your home is your safe haven, where private information should stay private. So today we’re adding a new layer of security with the introduction of two-factor authentication.

You may have seen or used two-factor authentication before, probably to get into your email or bank account. It’s simple but very effective – even if someone figures out your password, they still need to actually get their hands on your phone to get into your account. It takes a minute or two for our customers, but for hackers working from computers all over the world, things get a whole lot harder.

Nest said that this isn't the first time it has updated security across all of its products, and the company intends to continue rolling out security and privacy-focused tweaks to Nest Thermostats, Nest Protect smoke alarms, and Nest Cameras "as new technologies become available or we learn about new threats."

Tag: Nest

Top Rated Comments

(View all)
Avatar
48 months ago
Guys, this is not 2 factor authentication. This is two step authentication. There is a difference!

Two factor identification makes sure it is gathering two of the following:
- something you have
- something you know
- something you are
- some people also now include "somewhere you are" as an additional factor now, but this is still new

two-step is not two factor... Apple for instance had two step auth before (and still does), but then it added true two-factor auth when codes were no longer sent via text message but rather sent directly to an approved device. That allowed for two-factor to be complete (something you know - a password - and something you have - a device).

Nest's release really makes a jumble out of this by calling it both "two step" and "two factor" in simultaneously in their release. It sounds like the engineering guys are calling it "two step" correctly, but then the marketing guys got ahold of it and didn't know what they were talking about and called it two factor.
Score: 11 Votes (Like | Disagree)
Avatar
48 months ago

With the method you linked to (which, I understand, is just one method) -- that's assuming I registered a standard cell number to receive the two-step verification SMS messages. I've got a VoIP line that accepts SMS and several Google Voice numbers that all obviously accept SMS. If someone wanted to find out which number I used badly enough, I'm sure they could; but most people wouldn't bother.

Using services that can forward SMS to other devices (e.g. via email) are far less secure than using a real mobile phone number (which is why e.g. banks often don't allow Google Voice numbers or similar for delivery of TANs). They also make it decidedly "not two-factor", since the bad guys can intercept the codes if they know your email credentials (e.g. from phishing or otherwise hacking your account).

SIMs with modern encryption specifications are actually not easy to clone (unfortunately some carriers still use SIMs with less secure old encryption methods though). The bigger risk is that hackers have sometimes been able to convince phone companies to activate a phone number on a new SIM via social engineering, or capture the SMSs via malware that is running right on the phone (particularly common on Android).
Score: 2 Votes (Like | Disagree)
Avatar
48 months ago
No HomeKit? No way!
Score: 2 Votes (Like | Disagree)
Avatar
48 months ago
Meh. I trust HomeKit more.
Score: 2 Votes (Like | Disagree)
Avatar
48 months ago

No HomeKit? No way!

Why would they? Nest is a competitor to HomeKit.
Score: 1 Votes (Like | Disagree)
Avatar
48 months ago
Great. Now you just have to trust Google to have access to your camera!
Score: 1 Votes (Like | Disagree)

Top Stories

First iPhone 12 Mini Hands-On Video Surfaces [Update: Video Pulled]

Wednesday October 28, 2020 1:21 pm PDT by
Apple's iPhone 12 mini and the iPhone 12 Pro Max aren't set to be available until November 13, but a Romanian YouTuber got his hands on the iPhone 12 mini and showed it off today, offering a size comparison between the iPhone 12 and the 12 mini along with going over some of the device's features. The iPhone 12 mini is identical to the iPhone 12 in design and functionality, but it has a...

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

After Mocking Apple, Samsung May Remove Power Adapter From Galaxy S21 Box

Tuesday October 27, 2020 4:29 pm PDT by
Samsung's Galaxy S21, coming in 2021, may not include a power adapter or headphones in the box, according to reports from Korean media sites highlighted by SamMobile. Rumors earlier this year also said that Samsung was considering removing these accessories from future smartphone models, but that didn't stop Samsung from mocking Apple for selling the iPhone 12 models without a power adapter...

Report: Apple Silicon iMac Featuring Desktop Class 'A14T' Chip Coming First Half of 2021

Tuesday October 27, 2020 4:14 am PDT by
The first iMac powered by Apple Silicon is set to arrive in the first half of next year and will feature a desktop class "A14T" chip, according to Chinese-language newspaper The China Times. Codenamed "Mt. Jade," Apple's first custom-made desktop processor will be twinned with its first self-developed GPU, codenamed "Lifuka," both of which are being produced using TSMC's 5-nanometer process, ...

iPhone 12 Ceramic Shield Still 'Scratches at Level 6 With Deeper Grooves at Level 7' in Mohs Hardness Test

Wednesday October 28, 2020 7:10 am PDT by
iPhone 12 and iPhone 12 Pro models feature a new Ceramic Shield front cover that is "tougher than any smartphone glass," according to Apple, but the displays on the devices still have similar scratch resistance as previous iPhones based on a new test. Zack Nelson today shared his much-anticipated iPhone 12 Pro durability test on his YouTube channel JerryRigEverything, and based on the Mohs...

2020 iPad Air vs. iPad Pro: Hands-On Comparison

Tuesday October 27, 2020 3:03 pm PDT by
Apple announced the new 2020 fourth-generation iPad Air in September, but the new tablets just started shipping out to customers last Friday. We picked one up and thought we'd do a hands-on comparison with the iPad Pro, which was last updated in March, because both tablets are about as powerful and share many similarities. Subscribe to the MacRumors YouTube channel for more videos. Design and ...

MagSafe Charger Only Charges at Full 15W Speeds With Apple's 20W Power Adapter [Updated]

Monday October 26, 2020 3:38 pm PDT by
Alongside the iPhone 12 and 12 Pro models, Apple introduced a new MagSafe charger that attaches to the magnetic ring in the back of the devices, providing up to 15W of charging power, which is double the speed of the 7.5W Qi-based wireless charging maximum. Apple does not provide a power adapter with the $39 MagSafe charger, requiring users to supply their own USB-C compatible option. Apple...

Apple Files Mystery 'Personal Computer' With Placeholder 'B2002' Name in Bluetooth Product Database

Tuesday October 27, 2020 12:36 pm PDT by
Last week, a listing appeared in the Bluetooth product database for an Apple product with a placeholder name "B2002" and a model number of "TBD." MacRumors was alerted to the listing by health and fitness tech website MyHealthyApple. The product is filed under the "personal computer" category, which Apple has used for previous Mac and iPad listings in the database, so it is hard to pinpoint...

Apple Releases First macOS Big Sur 11.0.1 Beta to Developers [Update: Public Beta Available]

Wednesday October 28, 2020 10:15 am PDT by
Apple today seeded a new macOS Big Sur 11.0.1 beta to developers for testing purposes, with the new beta replacing the existing macOS Big Sur 11 beta 10 update that was released two weeks ago. The macOS Big Sur beta can be downloaded through the Apple Developer Center and once the appropriate profile is installed, subsequent betas will be available through the Software Update mechanism in...

iPhone 12 Models Might Support Reverse Charging of Future Apple Accessories According to FCC Filing

Tuesday October 27, 2020 6:25 pm PDT by
iPhone 12 models could have an inactive wireless charging feature for accessories, according to an FCC filing discovered by VentureBeat's Jeremy Horwitz. In the filing, Apple said that 2020 iPhones support a wireless charging function that will seemingly be enabled for at least one future Apple accessory:In addition to being able to be charged by a desktop WPT charger (puck), 2020 iPhones...