Following stories of Nest devices getting “hacked” due to bad password management, Google reiterated that there was no actual breach of the company’s smart home devices and encouraged users to enable 2FA. The Google owned-company is now resetting passwords on accounts that it believes are compromised.
According to The Verge, Nest began alerting affected accounts last night via email, and forcing these users to set a new password before regaining access to their smart home devices. This is a common practice, but before the series of reports last month, Nest only recommended that users change their credentials.
Google previously detailed how it “looks across the internet to identify breaches” on third-party sites and alerts Nest users “when compromised accounts are found.” The hardware division is now taking it a step further to prevent more incidents of nefarious actors accessing devices to harass owners.
In an email to all customers in early February, Nest also recommended additional steps to increase security like enabling 2-step verification and choosing strong passwords. The company already prevents credentials that appear on known compromised lists from being used. Other steps include setting up Family Accounts to grant other people access instead of sharing the same login.
Google should have forcibly reset passwords from the beginning given how even access to cameras and security systems is highly sensitive. Regardless, it is good that the company is now taking this commonplace — albeit annoying — step for end users. In a statement to The Verge, the company said it would reset compromised passwords going forward.
More about Nest:
- Report: Made by Google 2019 lineup includes budget Pixel, Google Home, watch, new Nest Cam
- Nest Secure can now be turned into another Google Assistant speaker for your home
- How to turn on two-step authentication on Nest to secure your cameras, locks, more