Nest, the Google-owned smart monitoring company, has recently started to lock people out of their accounts if it believes their password is not strong enough.

As a Nest user myself, I’ve been watching the news closely to see if a new breach has been confirmed.

However, Nest have not reported any breaches and instead they are blaming these lock-outs on insecure passwords created and used by smart camera owners.

Two weeks ago, I received the ‘BE VIGILANT EMAIL’. Now, I’m not overly paranoid, although working on Cyber Security Breaches has not reduced my suspicious attitude, so I thought to myself ‘Why the out-of-the-blue email?’.

A few days later I received a further email:

“In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.”

They have offered some guidance, including:

  • Enable 2-factor authentication
  • Choose strong passwords
  • Set up Family Accounts
  • Protect your home network

I have, therefore, changed my password on my Nest account again and set up 2-factor authentication.

This morning I’ve been locked out with little explanation.

I changed my password two weeks ago and then again two days ago, so my password should not be compromised. My old password had over 10 characters with a combination of upper and lowercase letters, numbers and symbols, none of which were used in my last two passwords. So, what is going on?

If you’re one of the people who has been locked out of your account, you will be unable to access the Nest app until you change your password. That means you won’t get notifications from your camera, including ones that warn you of an intruder. You also won’t get any mobile warnings about smoke detection.

What should you do?

Assuming I’m not paranoid, and something is going on, I would recommend fellow Nest users add 2-factor authentication and a new password not at all like the one before.

More importantly, however, if you use the same passwords (which obviously is not a good idea anyway) on other sites then I’d strongly advise that you change them too!