Due to several reports of pranksters gaining access to people’s Nest security cameras — in one case, telling them of an impending nuclear attack — Nest has sent out an email message to all owners of its cameras that they need to beef up their security, namely by picking better passwords and enabling two-factor authentication.
“In recent weeks, we’ve heard from people experiencing issues with their Nest devices,” reads the email. “We’re reaching out to assure you that Nest security has not been breached or compromised.”
The message goes on to read, “For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet.”
If you own a Nest product, one of the easiest things to help ensure no one else can gain access to your camera is to enable two-factor authentication. When activated, the Nest app will send a code to your smartphone, which you then have to enter into the app, before you can make any changes.
Here’s how to enable two-factor authentication.
Open the Nest app on your smartphone.
Press the gear icon in the upper right-hand corner.
Select Manage Account.
Select Account Security.
Under the section titled “2-step verification,” move the slider to the On position.
Enter your Nest password and press Continue.
Enter your phone number, and press Send Code.
You should receive a text message from Nest with a six-digit code. Enter it into the spaces provided and press Continue.
Two-factor authentication is now enabled. Now, when you want to make a change to your Nest account, you will have to enter a one-time code sent by Nest.
We’re a little disappointed that Nest doesn’t support using the Google Authenticator app as the second factor, as that’s arguably even safer than relying on texted codes. (Here’s why.) But any form of two-factor authentication is better than none.
You should also use the brand-new Password Checkup extension for Google’s Chrome browser. It will monitor the passwords you log into websites with and alert you if the password has been compromised by a data breach.
As always, make sure you create a unique password that’s not used for any of your other accounts, and isn’t easy to guess.
If you’re setting up a Nest account for the first time on an Android phone, the Nest app will scan your device for other accounts — Gmail, Yahoo, Microsoft, etc. — and ask if you want to use one of those email addresses for your Nest login. It will also suggest that you simply log in with your Gmail password. Resist the temptation to reuse passwords, and create an entirely new one.