Got a Nest security camera? Enable two-step verification now

(And stop reusing passwords)
               

Got a Nest security camera? Enable two-step verification now

If you have a Nest security camera in your home, please make sure you have enabled two-step verification (2SV).

That way, even if you have made the cardinal sin of choosing a password for your Nest camera that you have previously used somewhere else on the internet, it will be much much harder for a hacker to hijack your camera and demand you subscribe to PewDiePie’s YouTube channel or put the fear of God in you that North Korea has launched a missile in your direction.

The current wave of hacks aren’t because of a software vulnerability on Nest’s internet-connected cameras, but instead because of the bug in users’ brains which means that they keep reusing the same passwords for multiple accounts and devices.

Password reuse is one of the most common mistakes made and also one of the riskiest things you can do the internet. You should have unique passwords for each account - and if you find it hard to remember them all (I can’t imagine how you *could* remember them all) you should use a decent password manager to do the job for you.

Oh, and if you’re not sure why some people are using hacking techniques to encourage people into following PewDiePie on YouTube, just listen to this recent episode of the “Smashing Security” podcast:

Smashing Security #109: ‘Grinches target Amazon and Reddit, stealing Christmas from the poor’

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

2 Responses

  1. BK

    January 24, 2019 at 8:49 pm #

    Do you have a password manager that you recommend, Graham? I’ve tried LastPass but in 2018 I received no fewer than 30 notices that someone in eastern Europe was trying to log into my account.

    • Graham Cluley in reply to BK.

      January 25, 2019 at 9:13 am #

      Hi BK

      You say someone has been spotted *trying* to get into your account, but not that they’ve actually managed it right? In which case, it doesn’t sound like LastPass has done anything wrong other than (perhaps irritatingly in your eyes) notified you of a failed attempt to break into your account.

      Presumably you have multi-factor authentication enabled for your LastPass account?
      https://www.lastpass.com/multifactor-authentication

      If not, I’d strongly recommend turning it on as it’s an additional security measure for your password vault that will make it more secure. I believe multi-factor authentication doesn’t come with free LastPass accounts, but - to be honest - with something as important as passwords, it’s definitely worth the investment.

      I don’t use LastPass myself. Not because I don’t have confidence in the product, but just that I’ve used 1Password for many years. Other products I hear good things about include Dashlane and BitWarden.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.