Two-factor authentication is becoming increasingly common because it stops just anyone logging in even if they have your email address and password. The option has long been available for Nest, but the company announced earlier this year it would be making it mandatory for all users.
And the change is about to be rolled out some time in May. When you log into the Nest account, you’ll receive an email with a one-time passcode you’ll need to enter to access the account.
Previously, Nest had been accused of having its systems hacked, but it turned out that users had chosen the same email address and password combination as for other sites. One of the other sites had been hacked and the leaked login details successfully used to gain access to Nest accounts.
Given the privacy issues of someone being able to log in and watch your cameras’ video feeds, plus previously recorded video and it’s no wonder that Nest - along with other security camera firms such as Arlo - are making two-factor authentication compulsory.
Nest is owned by Google and while there is no suggestion yet that users will have to switch to a Google account to access their Nest products (or even be forced to use the Google Home app instead of the Nest app), there is that option if you want to.
We’d advise against it for now because ‘works with Nest’ services or products may stop working if you log in with a Google account instead of a Nest account.
Until those services - which include IFTTT - also work with Google, they’ll cease to work if you do choose to log into the Nest app with a Google account.
If you do reuse passwords between various websites and services, it’s still not a good idea to do that even if you have two-factor authentication as malware exists specifically to capture the one-time passcodes used, so for the best security, use a strong password that’s unique to Nest.
A password manager can really help here, since it means you don’t have to remember all the different logins.