Today, Nest has released an update to their smart home products that lets customers protect their accounts with two-step authentication.
The feature will appear in all of Nest’s apps under the “Account Security” settings, where it can be enabled with the tap of a button. Users will not need to update the app to see the new feature.
If you enable the feature, you will be sent a text message with a verification code after entering your email address and password. To sign in, you will need both the password and the verification code. The process of enabling this feature is easy, and it can go a long way towards protecting your account.
A lot of reports are calling this feature “two-factor authentication,” however, this is incorrect. Two-factor authentication must consist of two of the following:
- Something you have
- Something you know
- Something you are
- Somewhere you are (this is relatively new but acts as a factor to ensure you are in the correct location using geofencing)
Nest has not implemented this because both steps in the authentication process involve something you know. Even though the code is being sent to a device, there is no mechanism in place to ensure that the device is yours and under your possession. Therefore, the new security in all Nest products would be called “two-step authentication” (sometimes called “multi-step authentication).
Apple had two-step authentication before it truly implemented two-factor authentication. The company added two-factor when it stopped sending verification codes via SMS. Instead, the second factor is a code sent directly to an approved device (i.e.: signed in already with your Apple ID).
This isn’t the first time Nest has updated security across all of its devices, and the company confirmed a continued effort to roll out security and privacy-focused updates.
Smart home products, or any IoT (Internet of Things) devices, have been known to have lackluster security, meaning that they are fantastic targets for hackers.