UPDATED 19:53 EST / FEBRUARY 17 2019

SECURITY

Google forcing potentially compromised Nest users to reset passwords

Google LLC-owned Nest is forcing users to reset their passwords if it believes they may have been compromised.

First reported Friday by The Verge, the move appears to be a follow-up to Nest’s earlier practice of asking customers nicely to reset their passwords when a suspected breach had occurred.

Nest now appears to suspect that many customers don’t bother resetting their passwords, so it is proactively forcing them to do so instead.

In an exchange on Twitter prompted by a customer who was asking whether a password-reset message was legitimate, Nest confirmed the news, saying “please follow the instructions that are in the email so that you can get back into the app. Also the steps to activating 2-step verification are included in the email.”

The question is whether the actions have been forced by a new password breach. Google said only that “it plans to use the measure on an ongoing basis as information is compromised.”

Tim Mackey, senior technical evangelist at Synopsys Inc., told SiliconANGLE that the situation highlights a core challenge inherent to passwords: People need to be able to type them.

“As anyone who has used a strong password and then struggled to properly enter it using a mobile device knows, increasing password complexity runs the risk of locking out the account,” Mackey explained. “IT departments have struggled for decades to convince users to use complex passwords – with limited success. We’ve had countless Cyber Security Week recommendations on password management – including one from me – yet people continue to use insecure passwords. The core challenge is simple: Humans aren’t computers.”

Questioning Google’s decision with Nest, Mackey noted that “Google has an option to simplify the password situation using its social login instead of a username and password combination.

“Under this model, the Nest service would be authenticated against a known authorization provider using a well-defined protocol,” Mackey said. “The user wouldn’t need a password specific to Nest nor would they need to worry about password complexity rules defined by Nest. This would simplify the user experience while improving the overall security of the service – all without requiring users to worry about password breaches in their Nest service.”

Photo: Raysonho/Wikimedia Commons
