Nest, the smart home company owned by Google, is proactively locking people out of their accounts if it believes their passwords have been compromised. The company began sending out emails to affected users last night. If you’ve been affected, you’ll need to tell your Nest app to forget your current password and enter a new one.
The standard response to this type of breach, which Nest recently used following reports of strangers hijacking people’s security cameras, is to email affected users when a breach has occurred and merely recommend that they change their passwords. Presumably, Nest knows that lots of people don’t bother, which is why it’s forcing their hands by locking them out instead.
If you’ve been locked out of your Nest account, you won’t be able to use the Nest app or receive any notifications from your Nest devices. That means you won’t receive mobile notifications if your Nest Security Camera detects an intruder or if your Nest Protect alarm detects smoke, although the alarm on the device itself should still work.
Google refused to comment on whether the measure was due to a new password breach, but it said that it plans to use the measure on an ongoing basis as information is compromised.
Although the resets will pose a minor inconvenience, they could be a necessary step in forcing people to be safe online. Evidence suggests that everyone still uses passwords that are too simple and easy to guess and reuses them for multiple sites despite the safety risk. Asking us to change our ways doesn’t appear to have worked, so now Nest is taking matters into its own hands.
If you receive an email from Nest telling you you’ve been locked out of your account, try to reset your password as quickly as possible by going to your app and following the instructions provided. You should also consider using a password manager to generate a new password that’s strong and unique. Don’t follow any links sent in the email itself, just in case criminals use this as an opportunity to go phishing. If your details have been compromised, you should definitely reset any other accounts that also use the same password.