Nest has previously washed its hands of any lapses in its security systems by claiming that the hacks were caused by the camera owners’ own undoing — that is, poor password selection and a failure to enable the all-important two-factor authentication option. But now, Nest is taking matters to new heights. The company is now locking out Nest user accounts with what it believes as weak and possibly compromised passwords. Why? To hopefully kill two birds with one stone by forcing users to adopt better password hygiene and while they’re at it, use two-factor authentication on their accounts.
Nest wants you to clean up your password act
Having users reset their passwords after a suspected breach is fairly standard practice. But although Nest maintains that there’s no actual massive breach on its part, it’s interesting that it scoured the internet for the huge caches of stolen credentials flying around and scanned for weak and reused passwords. As we mentioned earlier, both highly publicized cases were caused by compromised Nest accounts using stolen passwords from the victims’ other online accounts. It turns out that both families were using recycled passwords that were also being used on other sites. This jacking technique is commonly referred to as “credential stuffing.” This is when someone feeds the credentials to an automated program that tries them all out on various websites, hoping that people have reused their passwords on multiple services. And with all the massive data breaches that are happening on a regular basis, stolen credentials are now being freely distributed online. We keep crowing about it, but this is a good reminder of why you should always use unique passwords for all your accounts and never ever reuse the same password for multiple online services and websites. And while you’re at it, never keep all your eggs in one basket, so to speak, and don’t use weak passwords that can be easily cracked. Here are new ways to come up with a secure password.
If you have a Nest account, check your app and account ASAP
It’s actually a good thing that Nest is being highly proactive about this situation. But eagle-eyed users are saying that locking out Nest accounts brings its own set of security issues. First, you will no longer receive your app notifications from your Nest cameras. Next, you won’t be getting your app notifications from your Nest Protect smoke detectors, either. Failing to change your weak and reused password in a timely manner also means that a hacker might beat you to it and, ironically, lock you out of your account too. Important: If you do get an email claiming to be from Nest, don’t follow any of the links in the email itself. As usual, scammers may try and piggyback this situation and create phishing emails, pretending to from Nest. Take our phishing IQ test to see if you can spot a fake email.
How to change your Nest account password
Keep in mind that Nest is not locking out every user, just the accounts whose passwords are considered weak and possibly included in the millions of compromised credentials being hawked around. However, this is a good time to review your Nest password and your security options, in general. If you think your Nest password needs a bit of shoring up, here’s how you do it. How to change your Nest account password:
On the Nest app home screen, tap Settings.Select the Account, then Manage account.Select Account Security, then Account password.Enter your current password and your new password, then tap Save changes.
Use 2FA on your Nest account
Next, please enable two-factor authentication (also known as 2FA) on your Nest account, as soon as you can. This will stop any credential stuffing attacks immediately. This is an extra level of security that could keep others from accessing your account, even if they manage to steal your credentials. Once enabled, you would still enter your username and password but the system would still require another piece of information. For example, a code sent to your phone, or from an authenticator app during a login attempt. After you prove your identity, you’ll often be given the option to mark the device you’re using as safe, so you won’t need to verify again. Here are the steps to add two-factor authentication for your Nest account:
Make sure all the phones and tablets used to access your account have the latest version of the Nest app.On the Nest app home screen, tap Settings.Select Account, then Manage account.Tap Account security.Select 2-step verification. Then tap the switch to toggle 2-step verification On.Follow the prompts to enter your password, phone number, and unique verification code sent to your phone.
Before you even think about migrating out of the Nest ecosystem because of the recent reports, we highly recommend that you enable two-factor authentication immediately. It’s simple but it could definitely save your Nest gadgets from getting hacked again.