Nest two-factor authentication boosts IoT security

Nest is adding two-factor authentication to its smart home products, aiming to prevent third-parties or hackers getting remote access to your cameras or smart thermostat. The new feature follows increasing concern over the security of the so-called Internet of Things, a topic only likely to become more prevalent as connected devices proliferate. Nest will make two-factor authentication optional, though it's probably something you should turn on.

As we've seen with other two-factor implementations, Nest's system relies on you alone having access to your cellphone and text messages. When set up, every time you log in to your Nest account – whether setting it up for the first time on a new smartphone or tablet via the Nest app, or by logging in through the browser on the desktop – you'll not only require your username and password but a numeric code. That code will be sent out via a text message.

Nest already supports family accounts, which allow multiple people to have access to the same Nest installation. The company recommends setting up these before turning on two-factor authentication, since only one phone number per account can be set up to receive the code. It's worth noting that anybody with a family account can change the settings of your Nest equipment, including turning cameras off.

IoT security has become a hot topic over the past 18-24 months, with the rise of connected devices prompting concerns that companies and users are putting convenience and functionality ahead of basic security. Back in October 2016, a vast network of compromised IoT devices was blamed for a denial-of-service attack that took down some of the internet's biggest sites last year. Hackers used malware installed to poorly-secured devices to flood domain name registration provider Dyn until it was unable to contend with the traffic.

As a result, we've seen a growing number of products promising to protect connected devices or at least highlight any potential security issues they may present. At CES 2017, for instance, antivirus-maker Norton revealed its Core router, which for a monthly subscription will keep an eye on potentially misbehaving Internet of Things gadgets. Even the US government's security services have weighed in, warning that the IoT could be used by bad agents to monitor and even recruit.

Even if that seems far-fetched, the possibilities for hackers if they gained access to your Nest hardware could be significant. Not only could they watch you – and your home, including checking when you're away and the house is empty – through Nest cameras, they could cause damage or run up energy bills by remotely adjusting a Nest thermostat, or even silence the company's smoke detectors. To turn on 2-factor authentication, head into the "Account Security" section of the Nest app and toggle on "2-step verification".