Nest will start enabling two-factor authentication by default for its accounts in May, the company has announced. When a user tries to log in using their username and password, they’ll now also have to enter a six-digit code sent to them over email as an extra security measure. In a help page spotted by Engadget, Nest says that the change will apply to any users who haven’t already set up two-factor authentication via a phone number, or who haven’t migrated to a Google account.
The changes were announced earlier this year in response to reports that Nest’s security cameras were being “hacked” across the US. Google was quick to respond to confirm it hadn’t suffered a security breach, and that what had actually happened was that users were re-using passwords across services, and that the hacks were the result of security breaches elsewhere. An extra layer of security like two-factor authentication helps prevent this issue, but previously it relied on Nest users opting in to turning it on.
Nest says it will be notifying users before making the security change. “Until then, ensure you can still access the email associated with your Nest account,” it warns.