Smart devices are slowly making their way into every aspect of our lives. While these devices do go a long way in making things more comfortable, critics argue that there's always an underlying threat to users' privacy. Take the recent debacle with Xiaomi's Mijia smart security cameras for example. Earlier this year in January, Google temporarily killed Mi Home integration with the Assistant due to a bug in the Xiaomi security camera which broadcasted stills from other people's security cameras to an unsuspecting user. While both the companies involved have resolved the issue since then, a number of people are still apprehensive about bringing such smart devices into their lives. In a bid to secure its Nest family of smart devices and provide some much-needed reassurance to users, Google is now making two-factor authentication mandatory for all Nest users.
According to a recent blog post from the company, all Nest users who have not enabled two-factor authentication will be required to do so starting this spring. While the feature has been available to all users for quite a while, all Nest users will now have to take an extra step to verify their identity via email when logging into their account. Users will receive an email from account@nest.com every time they log into their account which will contain a six-digit verification code. Google will use the code to verify the users' identity and users trying to log in without the code won't be granted access to their accounts. The company claims that mandatory two-factor authentication will "greatly reduce the likelihood of an unauthorized person gaining access to your Nest account."
The post also details some additional measures that Google has taken in the recent past to protect users from unauthorized access. Earlier this year, the company started applying a Google Cloud security technology called reCAPTCHA Enterprise to Nest accounts that can detect when an automated attack is attempted on an account and reduces the likelihood of it being successful. Back in December last year, the company rolled out login notifications to Nest accounts, which alert users whenever someone logs into their account and give them the chance to take action immediately if they detect any suspicious activity. Furthermore, Google has been using some additional protections to help keep Nest accounts secure, including a check to see password exposure in previously-known credential breaches, proactive account resets on detection of suspicious activity and more. On top of all that, Google has also highlighted best practices for users to help them secure their accounts.
Source: Google Blog