A small but increasing number of Nest security camera owners across the country are reporting their cameras have been hacked, often to blast out audio messages. In one instance, a California family received a fake warning of a North Korean missile attack.
The problem isn’t with Nest. Google confirms that the service has not been breached. What’s happening is that some people are reusing passwords across multiple sites, so if one site is hacked, attackers take that email address and password and try it against other sites.
But safeguarding your Nest account is easy with two-step authentication. This requires you to verify your identify using a trusted device, such as your smartphone. You provide your password in the first step, and Nest then sends a PIN to your trusted device. You must then provide both pieces of information to access your Nest account.
It works because hackers can’t get into your account with a password alone: They would need to steal your Nest password, your trusted device (your smartphone), and they would need to know the PIN needed to unlock that device.
Here’s how to set it up on your Nest account.
Open the Nest app, click the gear icon in the top right corner. Next, click “Account” and then “Manage Account.”
On the second line you’ll see the setting for “Account Security.” It will say “Password Only,” unless someone in your family group has already set up two-step authentication. If they have, you’re good to go.
If not, click on “Account Security” and you’ll land on a page where you can change your Nest password and switch on two-step authentication.
If you haven’t changed your Nest password in a while, this is a good time to do it (you never want to use the same password for a long period of time, and you should never use the same password for multiple devices or services). Make your new password unique. For the best (and easiest) security, install a password manager and have it generate a random password.
Finally, switch on two-step verification.
Many services use a PIN generated by an app in your phone, but Nest sends this via SMS text message. That’s not as secure as an app, but it’s still a whole lot more secure than a plain password.
Nest will ask you for a phone number and it will then send a code to your phone. Type that code into the app to prove you received it and you’re done.
Your Nest account is now protected by two-step verification, making it much more difficult for anyone to hack into the account, access your cameras, or send creepy audio messages into your home.
Remember, this is designed to be hack proof, so you’ll need your password and phone when logging into Nest from a new device. It’s specifically designed so that it’s the only way to log in: Don’t cancel your phone service without changing the linked number in the two-step settings.
And never give out your two-step codes over the phone or by email to anyone asking for them, no matter how legitimate the request seems.
Now that you’re feeling good about protecting your Nest account, enable it for all your other important accounts. Many web services, banks, email providers and shopping sites support it these days. You’ll be glad you did.
Martyn Williams produces technology news and product reviews in text and video for PC World, Macworld, and TechHive from his home outside Washington D.C.. He previously worked for IDG News Service as a correspondent in San Francisco and Tokyo and has reported on technology news from across Asia and Europe.