Smart home devices can take some of the busywork out of your life, but security for the so-called Internet of Things leaves a lot to be desired. Google-owned Nest realizes that, apparently. The company just announced it’s adding two-step verification to Nest accounts.
The feature is rolling out now to Nest’s mobile apps. Open the app, and tap the menu icon in the upper left corner of the app, and then select Account Security. There you’ll see a “2-step verification” slider. Tap that slider and go through the process to activate the security feature.
Nest’s two-step verification does not rely on getting a code from an authenticator app such as Google Authenticator. (Odd, since Nest is a Google company.) Instead, every time you need to sign-in to your Nest account again, you’ll receive a text message with a code. Enter that code into the app, and you’ll have access to your account.
The story behind the story: Nest’s version of 2-step authentication is similar to Apple’s, and many other services also use text messages as a back-up for authenticator apps. Text-based SMS verification is leaps and bounds better than no additional authentication at all, and Nest users should activate the feature pronto if they’re able.
It’s well known that SMS verification is the weakest form of two-step verification, however, since text messages can be hijacked by hackers more easily than a device’s authenticator secrets could be stolen. Wired has a detailed explanation of the problem, but the basic issue is that if someone gets control of your phone number or redirects your text messages to a different number, then they’ve got your verification codes. That’s an unlikely worry for the vast majority of users, but here’s hoping Nest adds Google Authenticator support at some point in the future.