Nest is rolling out mandatory two-factor authentication starting this month


Nest will start enabling two-factor authentication by default for its accounts in May, the company has announced. When a user tries to log in using their username and password, they’ll now also have to enter a six-digit code sent to them over email as an extra security measure. In a help page spotted by Engadget, Nest says that the change will apply to any users who haven’t already set up two-factor authentication via a phone number, or who haven’t migrated to a Google account.

The changes were announced earlier this year in response to reports that Nest’s security cameras were being “hacked” across the US. Google was quick to confirm that it hadn’t suffered a security breach: users had been re-using passwords across services, and the hacks were the result of security breaches elsewhere. An extra layer of security like two-factor authentication helps prevent this issue, but previously it relied on Nest users opting in to turn it on.

Nest says it will be notifying users before making the security change. “Until then, ensure you can still access the email associated with your Nest account,” it warns.

Comments

We only have the thermostat but really getting sick of all the changes since the Google takeover. I held off migrating to a Google account as I’m not a big Google user but they made it mandatory.

Now I need to give Google even more of my data to protect my account from someone turning the heating down.

migrating to a Google account as I’m not a big Google user but they made it mandatory.

Did they though…?

If you can find a way to make a Nest account without using a Google ID, please show me.

If you have an old Nest account you don’t need to migrate. All new ones must be tied to a Google account. Honestly I’d rather it be tied to my Google account anyway.

I still have my Nest account.

If you can find a way to make a Nest account without using a Google ID, please show me

That’s not what you said. You said:

I held off migrating to a Google account as I’m not a big Google user but they made it mandatory.

And when someone questioned whether that was actually true, you moved the goalposts.

As for new accounts… I mean Google bought Nest 6 years ago… At some point they are going to consolidate systems instead of running two of them for legacy purposes. Alternatively Nest could have gone out of business (they are losing millions of dollars a year as a business unit)

I don’t use a Google account. I use a Nest account. Sometimes when the app launches it gives me a screen where it asks me to merge my Nest account with my Google account. But at the very bottom is a small link that says "Continue logging in with my Nest account" or something to that effect.

I held off migrating to a Google account as I’m not a big Google user but they made it mandatory.

Now I need to give Google even more of my data to protect my account from someone turning the heating down.

I mean Nest is owned by Google… so either way Google will have your "data". ¯\_(ツ)_/¯

The thing these places (Nest, Ring, Arlo) are forgetting is to provide some variable way of complying with dual factor. You might be surprised to find that some employers block access to personal e-mail accounts. Some don’t allow personal cell phones. So, while I used to be able to access my cameras/doorbells at work, I no longer can. They ask for dual factor every time I access the web interface. I have some systems where the dual factor provides you some options, different e-mails or phone numbers that have to be pre-arranged, but can be selected at the time of login. Some even offer a number be read to a regular phone, if text isn’t an option. The minimal implementations they are mandating restrict you from your devices if you can’t get to that one e-mail, or that one phone.

You can use Google Voice to set up an alternate phone number where you can read/send texts via web.

Still this sounds more like an issue with your employer than on Google. If your employer doesn’t want you to check your email or use your own phone (for either productivity or security reasons), then they probably don’t want you watching video streams of your home either. Overly strict? Probably… But it’s not on Google to help you subvert your own employment contract

The problem is, at least with the Nest Hello, is that it slows down the process. Someone rings the doorbell and I want to see who it is. It already takes the app 15 to 30 seconds to launch the app and start showing me the video stream. Now I have to wait for a text or email to come so that I can enter a code while someone is standing at the door waiting.

I’m not familiar with Nest Hello… but is there any option to "remember me" so that you only have to do the 2FA once every 30 days or so?

I just went ahead and enabled 2FA since it’s inevitable. It doesn’t require 2FA every time. It must only ask periodically or whenever you log in from an unrecognized device.

Meanwhile, migrating to a Google account is impossible if your Google account is part of G Suite. Yes, I have an old G Suite account with a custom domain from when they were giving them out for free. No, I am not going to tell my entire family to switch to Gmail because Google can’t get their act together.

They need to bring back the Apple Watch application and allow for multiple schedules for the thermostat.
