Google Nest forcing users into 2FA

The best way to protect privacy and security is to migrate to a Google account, the search giant says.
Written by Asha Barbaschow, Contributor

Users of Google Nest products will soon be forced into using two-factor authentication (2FA) to access their devices.

Google said starting in spring -- autumn, for those not based in the Northern Hemisphere -- all Nest users who have not enrolled in the 2FA option, or migrated to a Google account, will be required to "take an extra step by verifying their identity via email".

See also: Google and Nest combine into a new smart home brand (CNET)

"When a new login into your account is initiated, you'll receive an email from account@nest.com with a six-digit verification code," the company wrote in a blog post.

"That code will be used to make sure it's you trying to login. Without it, you won't be able to access your account. This will greatly reduce the likelihood of an unauthorised person gaining access to your Nest account."

In December, Google rolled out login notifications to Nest accounts, which emailed users when someone on their account logged in.

In addition, the search giant said it had also rolled out additional protections, including checking if a password an individual has supplied was potentially exposed in previously-known credential breaches outside of Google.

It said it also resets accounts when it detects suspicious activity.

"We use automatic updates, don't allow default or easy-to-guess device passwords, and verified boot, which prevents your devices from running malicious code," it added.

See also: Google Home: Cheat sheet (TechRepublic)

Additionally, Google offered "best practices" for those using Google Nest devices, which included migrating to a Google account.

"In addition to security features, Nest and Google product integrations will be streamlined and work together to create seamless experiences," Google said.

It also suggested creating a family account to avoid a handful of single log-ins; using unique passwords and changing them frequently for every account; adopting a password manager; checking if an email address an individual uses has been subject to a breach; and avoiding clicking suspicious-looking emails and ensuring to never provide personal information in response to them.


Google is a bald-faced IoT liar and its Nest pants are on fire

Internet of walled gardens? Go single vendor with your IoT, or else.

Google says 'hidden' microphone in Nest product never intended to be a secret

An error it may be, but invasive it certainly is.

Google Nest Hub Max: The value of assistants are starting to make sense

With the latest from the Google Nest Home family now available, here are some initial thoughts.

Google appeals for calm over upcoming 'Works with Nest' shutdown

The tech giant has backpedaled on a stiff cut-off point for Nest account users.

Editorial standards