f5-nz logo
Story image

Google to demand two-factor authentication across Nest accounts

12 May 2020

Google is cracking down on authentication protocols for its popular line of connected devices, Google Nest.

Google will soon require users without two-factor authentication enabled - and users with a Nest account that is unconnected to a Google account - to undergo mandatory two-factor authentication when they log into their Nest account.

Google’s parent company Alphabet took over the Nest brand back in 2014 but always operated as its own separate company. In 2019, Google announced that Nest, and Google Home would merge to become Google Nest.

Nest products include indoor cameras, Chromecasts, smoke alarms, Nest Hub, smart speakers, and many others.

Now users who formally have Nest accounts will be migrated to a Google account. Users will be required to authenticate themselves via email when logging into their Nest accounts.

“When a new login is initiated —for example, from a new device— you’ll receive an email from account@nest.com with a six digit verification code to be entered in order to successfully sign in. This code is to verify it is you trying to access your account and without this code, you will not be able to log in,” writes Google.

Two factor authentication is important to reduce the risk of someone else accessing a user’s Nest account, even if that someone else has the credentials like a Nest username and password.

The move has attracted attention from the likes of cybersecurity firms such as ESET.

ESET cybersecurity specialist Jake Moore says, “Two factor authentication is not a very difficult layer of security to set up, but humans are the masters of procrastination, so a little enforcement can go a long way. The majority of people do not use two factor authentication, or for that matter password managers either, so when Google start to lay down some ground rules, those who are not familiar with it are soon confronted with a lesson in cybersecurity if they want their device to continue to work.

He says that once Google sets out strong authentication rules, it’s likely that other developers will follow suit. 

“This would be a good time to make sure that Nest users have access to the original email that they set up their accounts with to reduce any possible mishaps in adding this extra protection.”

Google suggests that users:

  • Enable 2 factor authentication in the Nest app using their phone number
  • Use a strong and unique password 
  • Consider migrating to a Google Account.