Networking & Communications

Nest adds two-step authentication to make your smart home more secure

Smart home devices can take some of the busywork out of your life, but  security for the so-called Internet of Things leaves a lot to be desired. Google-owned Nest realizes that, apparently. The company just announced it’s adding two-step verification to Nest accounts

The feature is rolling out now to Nest’s mobile apps. Open the app, and tap the menu icon in the upper left corner of the app, and then select Account Security. There you’ll see a “2-step verification” slider. Tap that slider and go through the process to activate the security feature.


Nest’s two-step verification does not rely on getting a code from an authenticator app such as Google Authenticator. (Odd, since Nest is a Google company.) Instead, every time you need to sign-in to your Nest account again, you’ll receive a text message with a code. Enter that code into the app, and you’ll have access to your account.

The story behind the story: Nest’s version of 2-step authentication is similar to Apple’s, and many other service alsos use text messages as a back-up for authenticator apps. Text-based SMS verification is leaps and bounds better than no additional authentication at all, and Nest users should activate the feature pronto if they’re able.

It’s well known that SMS verification is the weakest form of two-step verification, however, since text messages can be hijacked by hackers more easily than a device’s authenticator secrets could be stolen. Wired has a detailed explanation of the problem, but the basic issue is that if someone gets control of your phone number or redirects your text messages to a different number, then they’ve got your verification codes. That’s an unlikely worry for the vast majority of users, but here’s hoping Nest adds Google Authenticator support at some point in the future. 

IDG Insider


« Razer's zVault virtual currency for gamers is like a mash-up of bitcoin and Xbox Live Points


Google Assistant learns how to read texts as its prime-time rollout continues »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends


Is your organization fully GDPR compliant?