In other words, users who haven’t already enabled smartphone-based 2FA or migrated to a Google account will have to verify their identity via email-based authentication every time they log in. The change was spotted by Engadget in an updated Nest help page:
Earlier this year, we announced that starting in the Spring, we will now require all Nest account users who have not enrolled in two-factor authentication or migrated to a Google account to take an extra step by verifying their identity via email when logging in to their Nest account.
The time has come, and beginning in May, Nest will be adding this new account security feature. When a new login is initiated, you’ll receive an email from email@example.com with a six digit verification code to be entered in order to successfully sign in. This code is to verify it is you trying to access your account and without this code, you will not be able to log in.
As mentioned, the intention to switch all accounts to 2FA was announced earlier this year, following reports that Nest security cameras across the U.S. were being hacked.
Google responded to those stories by explaining that their systems hadn’t in fact suffered critical security breaches. Rather, affected users had failed to use unique passwords and the compromised accounts were the result of “credential stuffing attacks,” where hackers logged into Nest accounts using login credentials leaked in older unrelated data breaches.
Google says it will notify users before making the 2FA security change. Until then, it advises Nest owners to ensure they still have access to the email they use for Nest.