Nest cameras are a security product aimed at non-technical users, so of course this happens frequently, and of course this was foreseeable at the very earliest design stages. The designers needed to come up with a solution to this problem, and blaming the user is not an acceptable excuse.
The solution is actually pretty easy: require a pairing procedure that can't be done remotely. For example, the Nest app on a phone could display a QR code with is public key fingerprint, which you show to a camera, and the camera will only send video to phones it's been paired with. That would pretty much completely eliminate this failure mode.
There's no way to say this humbly, but imo stuff like this is the reason that companies lose their way when they lose an empowered "buck stops here" product-oriented CEO with enough engineering chops to modulate product decisions.
I had an endless to-do list of improvements, including security enhancements like the one you suggest (but done in a way that would not impair usability, like anything with QR codes :-)).
The problem is, a string of well-meaning but amazingly risk-averse managers came in and killed the soul of the company by introducing enough bureaucracy that the team and I no longer cared to bang our heads against brick walls anymore.
If the leadership doesn't a) understand product, b) understand business, c) know/respect good engineering, or d) have "fuck you, we're doing this" authority ... it will fail in spectacular ways through a series of seemingly good short-term decisions, it's just a matter of time.
Combine product, business, engineering, and authority to lead, sprinkle in some ethics and respect for your customers/employees, and baby you've got a stew going.
This whole privacy mess in home & so-called "IoT" is a result of people who don't even know what would be required to operate ethically with such powerful technology in the first place. I believe they are mostly good people, they just don't have the mindset or philosophy to know what to do. It kinda makes me misty-eyed. They know where to find me if it sounds like some of this could help... I'd be happy to try and get the band back together again.
I think if they made projects require independent profitability (after a startup period), a lot of that weirdness would go away and customers would be happier too.
It seems simple at the outset, but once you actually try to build a complex business/product like this one you realize you have to start with something simple just to get the money to fund something more complex/better.
RE: internet service loss leader model, I think it can be beat with a better product and a better model. But someone is still always going to need to pay to maintain and update software, and it seems fair to profit off of that as long as you allow for competition (& that's where I believe the law should e better protect consumers).
That's true. In my mind, fully distributed doesn't have to be the goal. I believe the number one problem for getting people to talk to their smart devices are NATs. I imagine a cloud service responsible only for NAT punching, and all the actual communication between user's smartphone and smart device happening directly (or rather, between the smartphone and home hub). It's probably more complex in practice than I think it is, but I can't think of an obvious show stopper.
> But someone is still always going to need to pay to maintain and update software
I think this is mostly a self-inflicted problem (or rather, a problem created and then used as an additional justification for subscription models). E.g. for a lightbulb, there's only few bytes of data that needs to be transmitted over the control channel. On/off state, color, intensity - setting them in one direction, reporting in another. That + overhead of whatever communication protocol is used. Such a device doesn't need an update. There's nothing to update there. The hub might, but arguably, hubs are designed overcomplicated too. But vendors seem to like to put a whole software stack on the devices, which now creates an attack surface that doesn't need to exist in the first place - and suddenly, security updates are required.
But billion-dollar companies have been made almost purely on "NAT punching". I've written the code, and it's more complex than it seems.
And RE: your lightbulb example, I love it, because it I will now use it to illustrate how even seemingly simple devices require ongoing software maintenance. Is it using a wireless protocol compatible with other devices? Does it use encryption/authentication (e.g. to keep the neighborhood hacker kid from controlling my lights)? Does the setup process require interoperation with a changing set of personal devices (phones, etc)? All of these things could require software updates, see e.g. heartbleed. And if you have a software update system, it now needs maintenance as well...
Not to mention if consumers want their hardware investment to continue paying dividends through new software features. That part should definitely be opt-in and open to competition.
But those engineers you hire to maintain your software aren't commodities. They have shifting interests, bills to pay, and boot-up time to re-remember all of the old code. Costs will be lower to keep them employed and making continuous improvements once a product reaches sufficient scale.
Competition would prove out which model is best, though, so no need to think too hard about it, we just need to improve antitrust/competition law.
You've changed my mind a bit about the update capability - I suppose any wireless protocol necessitates a software update capability because it's exploitable remotely (e.g. from outside the house), and you'll never get it bug or vulnerability free the first time.
But this then calls into question the utility of consumer-level IoT as a whole. It's nice to be able to operate devices remotely from wherever you are, but this immediately creates a very large category of problems.
> Competition would prove out which model is best, though, so no need to think too hard about it.
Unfortunately, I'm not convinced of that, for several reasons. Information asymmetry - non-tech consumers can't evaluate these products, so vendors designing bad products have competitive advantage. Thanks to recurring revenue, service-backed devices can be at much lower price points than their service-independent counterparts, and most customers are very price-sensitive. Add in surveillance and data mining, and the price can be lowered even further. User-hostile business models have a distinct competitive advantage, because they offer immediate benefits but the costs are deferred. Therefore, I don't think competition alone is going to solve it.
We competed head-on every single day with companies that lied like it was a national pastime, and we beat them handily. I think it is because good people tend to make the best products. There's an efficiency increase from passion, and all it takes is one good leader to unlock a team of hundreds or thousands of good people. I believe it is enough to take to the bank against shady practices.
That said, I do support better antitrust laws, we need to update them for the 21st century tech oligopolies + IP-stealing/currency-manipulating nation-states.
But all it takes is one good motivated person like you or me to Make The World A Better Place (™ HBO Silicon Valley). So let's get to it...!
Ubiquiti does a good job with this - they provide the interface to get into my equipment remotely with little setup, but don't send the data to their equipment.
My takeaway: abundant money can be poison.
I miss the old Dropcam. You created something great. Sorry to see the buyers screw things up so badly.
I feel you about the lights. Ultimately, I have grown to think that users should have ultimate control over the software running on their devices. If I want a light you can't disable, it should be by designing the hardware that way ... and you're still free to use a sharpie/tape/drill to modify your own hardware.
It's a fine line balancing making things difficult for creeps vs fully empowering a homeowner/caretaker to protect their castle/family how they see fit. But freedom for users to find their balance and law to punish truly bad uses are the only stable solutions... otherwise, creeps can always just use crappy products with no protections instead and you, the regular person, get stuck with crappy restricted products.
Some poignant examples of this are the many art installations that contain Dropcams. Suddenly a bunch of them have ugly blue dots that weren't intended by the artists. Does the artist now have to visit their installations with a sharpie? It's a stupid and limiting rule change that further pushes what was once a generally useful tool into a one-trick home security pony.
Dropcam v1 was one of the most secure internet products in existence at its inception, by design, full stop.
Making things more secure is a never-ending charge, and we never stopped. Google/Nest continue to try to improve things as well, but they've been slower and more inefficient at doing so than we were in our heyday. That's why these stories never seem to stop coming. The attackers are outpacing the defenders.
Well, with all due respect, that doesn't exclude that the security may not have been "good enough" (then) as much as it is not "good enough" (now):
“With all due respect”, which part are you playing right now?
My comments were not meant as logical proofs. But, I am content to say that Dropcam, as designed at launch, could likely be proven “net good” based on several popular moral axiomatic systems. That’s the best I’ve got, chum! The alternative is to convert oneself to a motionless blob, attempting to exert the least possible influence on reality unless intense logical calculation and polling of prevailing subjective moral bases has occurred first.
I choose instead to just try to do the right thing, and build cool/good stuff too. And always try to make things better, as long as you have breath. I highly recommend it over the blob strategy.
Have to admit though, I had forgotten how much fun it is to comment on the Internet!
Most QR code based setups were just transmitting wifi credentials in plain text. That's insecure, and it doesn't solve the pairing problem, only the wifi connection. There's actually a fair bit of 2-way data that needs to be exchanged to provide the best experience. And sure, you could start streaming encrypted setup information through animated QR codes, but there's better ways to do it.
Not to mention that we're talking about Wyze cam, which has been filled with hilarious(ly scary) security flaws since day one. Be careful with those things...
A close second would be Apple TV, where to add a remote you hold it next to the device (presumably some kind of short-range Bluetooth thing).
One potential challenge I faced myself with my DIY attempts at IoT hardware was dealing with power. I'm not an electrical engineer, and I don't trust myself enough to plug anything to mains power - and I don't trust random OH stuff you can order soldered from China either.
It's a result of the authoritarian lean of our current times.
The concept of freedom IMPLYING responsibility has been completely done away with. The operating concept is: adult consumers are like children, and need to be protected.
The pathology of this can really be felt when it's a CEO of creators.com complaining that he can't be bothered to use different passwords. In other words, he wants to have all the rights and privileges that come with having the highest levels of social power, but none of the responsibility. It seems he doesn't feel it's fair to be given the responsibility I've seen school children master (keeping different passwords)
For a product like this, though, you need to make sure everyone who is ever in eye or ear-shot (or will purchase it used) are considered/informed as well.
In my book, once information is equalized, be adults, go nuts.
To be clear, if they broke criminal laws they should go to jail. If they broke civil laws they should be sued. I'm not some crazy anti-gov person, just someone who believes in personal responsibility and that our blame/victim culture is perverse.
Your post is filled with innuendos and blame. I'd suggest that if you compare a company to 'stealing a lollipop from a kid' you can provide strong and concrete examples of theft. It's a pretty damning accusation.
Also, you are comparing adults making purchasing decisions to someone stealing candy from a kid. To me that sounds like the epitome of authoritarian patronizing. I'm guessing when you say that you don't see yourself as the child, only other adults right?
My point is simple observation: vendors exploit the extreme information and understanding asymmetry on the market to sell insecure, low quality and abusive offerings. If you haven't noticed it yourself yet and need more direct evidence, follow https://twitter.com/internetofshit.
> vendors exploit the extreme information and understanding asymmetry on the market to sell insecure, low quality and abusive offerings
This is true.
Now, please tell me how this applies to the FA we are talking about? The FA is about a nest customer using an insecure and exposed password and then complaining about his nest being taken over by a hacker.
And this isn't some joe shmoe. This is a CEO. He is complaining. RTFA and you will see.
My point: he has not right to complain, his complaint is based on the authoritarian perspective that people need to be protected against themselves.
He has no giant information asymmetry which Nest exploited to hurt him. He messed up. Simple. If he can't understand how to keep passwords, he really shouldn't be a CEO, ESPECIALLY of a tech company. And here's a bigger idea, if you can't keep passwords, maybe don't use systems that need them. Just as if you can't drive drunk... maybe not drive or maybe not drink? Blaming beer companies for being abusive (which they can be) is in no way relevant to the RESPONSIBILITY people have to not drink and drive.
IF a company sells a defective and bad product, they should and will be sued. If they imply you can drink and drive. Sue. If they imply or say their product doesn't need safe passwords, sue. INAL, but this probably doesn't apply here. Which is why the guy who penned the FA is writing it. He wants to shame nest. And those who are authoritarian inclined seem to me to be backing him up. Instead of seeing the article for what I see it: A captain of industry wanting all the rights and rewards of being a captain of industry, but not having to keep the responsibility of maintaining proper passwords.
LOL, there was a whole lot of head scratching when someone came up with the QR-for-pairing idea. Also, wink wink, nudge nudge, when are we grabbing a beer?
Dropcam v1.0 eliminated all of those security problems.
The only gotcha is that we required cloud storage. However, my plan for v2.0 Dropcam was to go with open-source verified builds + kill the cloud-storage requirement (but offer it optionally with e2e crypto).
If I had required that at v1, the company wouldn't exist today, and worse stuff would have taken its place. Good product engineering requires prioritization and stepwise problem-solving, not ivory tower ethics.
In your opinion, in the current space, do you think there's room for this kind of product now? I bet most of the readers here know why these are good features if you don't like adversarial software running sensors on your home network and uploading stuff, but I also bet we're in a tiny, tiny minority in the market.
1) You get no credit with customers for security features, only blame if they get hacked. You must invest in good security engineering because you believe it is a good thing and a good long term investment, it will only cost you in the short term.
2) Unfair competition from large tech and China-based companies, in terms of pricing and incumbent advantage. (And yes, I helped create this situation by selling Dropcam to Google, and profited from it)
In order to win, you'd have to make something better in every other respect (or find some yet-unknown killer feature that average customers actually care about), sell it for the same price, beat them in price wars, and spend enough on marketing to undo the PR damage they've done to the space AND rise above the noise floor.
There's a lot of good and bad that came out of Dropcam but I think it's been mostly good. Lives saved, murderers in jail, happy moments captured that would otherwise have been lost.
Plus, we had every intention of improving this aspect, and I'm even commenting unpaid on the internet to put as much pressure as I can on Google to follow through on that!
nest created a great ux helping expand use to unsophisticated consumers
With all respect, let us know when you (or anyone else) releases a perfect version of a product. Nobody has unlimited money and time in which to polish a product to perfection.
I'm in the throes of this right now, trying to beat a once-miserable codebase into something that that improves our customers' lives, is stable, is secure, etc. on a shoestring budget. It's a hard, wretched slog but we're doing it, one point release at a time.
Your polish can improve as you scale and get more resources. That doesn't mean there isn't a min-bar of basic security practices and ethics, but if min-bar is perfection on all counts, get ready for a long and fruitless existence...!
I disagree. This is the equivalent of blaming car manufacturers in the 70s for stolen cars when people left the keys in the cars. This is 2019. We've had PINs and passwords for decades. At some point people have to take responsibility for their own lives, their own property, and their own safety and take some things seriously. Nest and other companies can only do so much when the users keep doing stupid things like "password" for their password.
If you leave your front door unlocked when you go on vacation, yes, the crook should be jailed, but you should lock the darn door.
So put all my eggs into a password manager basket. But I've been scared off those because I read that some are crap or Chinese or other scary things. And it fundamentally feels insane to give everything to one app on my phone. You haven't convinced this old bag of coal that's a good idea to do.
So now I'm backed into what I perceive as a "smug young tech people corner" where I feel damned no matter what I do because clearly I need to be tech savvy but you insist I don't need to be, that this is just a baseline intelligence kind of problem.
That whole story is a complete failure of technology, not the user.
That's truly not awful. But it's not as easy as car keys.
Use a keyfile and password just in case your password is compromised, the attacker would still need access to your machine to open the dB.
All of the "2000 era china cams" (foscam or whatever) I bought had a username password that only mattered if you were on a local network. I can imagine Nest users would probably assume that's what they were doing.
2. If anyone was so dumb as to think a camera they can view on their phone while at work or on a cruise ship was "only on their local LAN" then, again, it's 2019 and there's no excuse for that. If you can't figure out that you're seeing your house from 2,000 miles away because it's connected to the internet, I don't feel bad for you.
Instead, we are here looking for ways how Google could fix people's tendency to opt-out of additional security.
Because contrary to your claim, most bigger online services these days absolutely do guide and nudge their users into setting up 2FA, because adding a legit phone number to an account makes that account data that much more valuable for selling ads .
I really like your idea of a physical pairing procedure. It's not a large price to pay for dramatically increased privacy. Some other possible partial-solutions I initially thought of:
1.) Don't allow users to create their own password. Generate a strong password for them, and only show it to them once upon password creation/change. (like how API secret keys are often only displayed once upon creation) --- this would eliminate the "same password on multiple sites" issue
2.) Require a device whitelist where some type of fingerprinting/calibrating is done upon initial login by each device added to the list.
3.) Geofence logins to a pre-specified radius surrounding the camera location. E.g. if the parents work < 10 miles from home, they can set up a radius of 10 miles and understand that if they travel further than 10 miles away from home they won't be allowed access. --- this would be hackable, but would at least add another layer of protection.
This is how Tesla pairs a new phone to work as a key -- you need to have one of the two RFID key cards that come with the car present, and be inside the car with the new phone. You pair _that particular device_ and then authorize it with the RFID card. Simply having the login to the app/account is not enough, and from the car itself you can always remove a paired phone.
A key for a car frames the problem in much clearer terms and Tesla engineered a secure solution. It is unfortunate this isn't done for other things where security is equally important.
Omitting the lack of 2FA is missing an even more important point because it's cases like this why 2FA is pretty much mandatory today.
But instead of using already available solutions, you want to reinvent the wheel with "a pairing procedure". Gee, that sounds awfully familiar to what 2FA does, which also would have completely eliminated this failure mode, if the user would have bothered to actually use it.
In that context, I really don't see what Google could do differently with Nest. If users don't use additional security, then you can add all the additional security you want.
We just aren't trying that hard.
But let's say the PM and the rest of management was convinced. So they make it require pairing and send it out for field testing. Field tests come back: "it's really annoying that I have to pair all of my phones individually with each camera." Management tells engineering to fix that.
But let's say that the engineers once again convince management that this is a good idea. The product is launched. The review from CNET or Wirecutter or something comes back: "it's crazy in this day in age that I need to get a ladder and go around to all of my cameras to introduce them all to my new phones every time I do my yearly iPhone upgrade." CEO now has a crisis and demands this be fixed. Engineer pushes back again and is probably fired this time. Feature is removed.
A few years later, this article comes out and it causes much, much less damage to the brand than the bad usability reviews. Everyone learns the wrong lesson.
Could be a dongle with a button that plugs in to a router usb port.
next time your app connects it simply indicates a new device has been added and asks if you accept it.
I have to push a physical button to control my Hue lights, and we can't require physical access to a /camera/ ?
Its easy to say 'my mom should know better', but like most users in the world she is not technical. She grew up on a farm, how is she supposed to understand this stuff. It should be on these companies that make enormous profits to protect all users. This includes users who are not technical.
I'm sure it wasn't your intention but that's quite insulting. Just because someone didn't grow up with technology doesn't mean they can't learn and understand it. Farmers especially since they're very DIY and resourceful.
You cannot expect people who aren't used to certain things, to pick up those skills as easily as people who do have prior experience.
"She needs to be protected. She's not a real adult like I am. I, as a real adult, will decide for those who I consider aren't real adults."
It's dripping with patronizing authoritarianism. And they just don't see it.
I will say, people who have IQs below 80-70 are in a terrible place. Our modern world assumes the ability to understand concepts at a certain level. Some people at some IQ levels just will never be able to do so. How to classify such people and what to do about it is something we need to recon with as a society.
But a discussion of a CEO who is lazy and can't be bothered to engage in minimum cyber security (the FA) that even clerks are required to do and thus got hacked... is probably not the place.
I don't see the similarity between that, and what was actually say. It seems you are making assumptions and taking it way out of context.
I hope you helped your mom set up 2FA after that.
Would basic checks would you recommend that Google on top of offering a robust 2FA solution?
* ensure that where they sell gift cards there are store limits on how many gift cards can be bought.
* track the usage of the card to make it more difficult for criminals to use them.
* put a day delay on the card or make the user register to make it more difficult for the user to immediately sell the card off to criminals
Google is very aware that their gift cards are used in massive fraud schemes of millions of dollars that target the most vulnerable (the elderly). It is similar how there is a huge fraud scheme build on Nest products. That they allow it to happen (as it is of no cost to them) is incredibly irresponsible and in opinion even criminal.
When I called Google, their response was that on the back on the cards there is warning in small print that if you give the scratch off key, the money is unrecoverable. As if someone being told that their entire life will come down crashing around them if they don't send the money is going to read the small print on a gift card!
Google is probably the company in the world that is the best at tracking users and cyber security. There is no reason why they couldn't prevent these use cases if they put effort in.
I have to disagree with the first part here. Privacy is a pretty central (and I would say _obvious_) concern, especially given the function of this particular product. I get that some people care less about privacy than others but the fact that this tech is being misused like this doesn't seem surprising to me at all.
If users decide not to use it, then there's nobody to blame but them.
Thinking up ever more complex schemes, to offload all the responsibility on the services, won't solve any of this.
At the end of the day user error overrides it all and massive database breaches even affect those that should know how to properly secure their stuff .
2FA is not perfect, it's not convenient but it's one of the last remaining effective defenses when massive breaches have become so normalized that known pwned accounts outnumber people alive on the planet .
Likely safer than SMS 2FA as well.
No matter how big the company is, this is really realistic.
Facebook, Google and others all used to leave some passwords in clear-text during very long time for anyone to check in the logs.
Google even got their central password system compromised and source-code stolen (Gaia).
It can also be a password recovery process that can have glitches (Steam), or just not checking password properly due to deployment errors (Dropbox) or just compromised servers (my unique EA Origin password was compromised like this, my LinkedIn password as well, my Twitter password...)
Facebook: https://www.theguardian.com/technology/2018/sep/28/facebook-... (fun fact, it happened TWICE)
Another Dropbox: https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...
Or use some kind of hashing strategy that's based on remembering a single password. It would use your psssword plus the login website name to generate a unique password.
Case in point: I just checked an e-mail account I haven't used in close to 20 years, even that thing has now a somewhat lengthy haveibeenpwned profile.
It's the manufacturer's fault to allow the weak configuration in the first place.
No devices were hacked here, just like nothing about this had anything to do with the device's security configuration.
This was user error of first reusing passwords, and then not bothering to secure their Google account, the actual attack vector, with 2FA.
This doesn't sound like a Nest vulnerability? Does Nest offer MFA?
Ideally, being susceptible to a leaked password-email-combination should be considered gross negligence.
How can you use any service then if in your mind any service should be be able to not be affected by a leak?
My username/password combo is everything I need to use my account fully. Should there be another factor to use my account? I should be forced to get set another factor to post on HN?
This is just absurd. We just can't keep increasing road block to let people not learn how to use something. There will always be an idiot to outsmart you.
Google defends Gmail users from malicious nation state actors . Isn't Nest part of the Google identity ecosystem now?
I have no idea if it's integrated with their primary login flow though. It's certainly integrated with the password manager in Chrome.
Thank you to Troy Hunt
The scenario I was looking at was..
User signs up with Site A with Password 1.
User signs up with Nest with Password 1.
Site A gets compromised.
Nest couldn't know if you'd used the same password on each site. The only way they could know is if they used the same hashing algo with the same salt or SHA-1 with no salt. Highly unlikely.
I suppose Nest could check the Pwned Passwords API every time they logged in, but I haven't seen anyone deploy that yet, IIRC all solutions I've seen check Pwned Passwords API when the set the password. Setting a password and checking a password are often different systems.
One easy fix. Send a verification email to users when a different device is detected before allowing log in.
I mean, even Steam does this.
Not perfect, but, its decent.
I still use it and will continue to do so until someone releases a better ecosystem.
Right now I get an alert on my phone if someone rings the bell, or leaves/removes a package. Plus with facial recognition I get alerts which include the person's name for common visitors (via facial recognition) and will announce visitors via a set of google home minis. Nest will alert my phone if the smoke detector sees smoke or CO. I'm obviously quite "all in" on their ecosystem.
I also will note I have an elderly relative at home as well as 3 dogs and we are not there most days so the ability to see what's going on at home and potentially take action like calling the police/fire/EMS is extremely valuable to me.
I don't remember what Nest used before being bought by Google (I believe SMS MFA was available), but they're transitioning accounts to sign in with your Google account.
A surprising number of sites that really should do not offer any MFA. Like bank accounts, credit cards, investing accounts, payroll, cars...
My money may not be safe, but at least my github commits are!
There's 8 billions people in the world. There's every kinds of them.
The commons one aren't interesting, they are commons, they aren't the one that we want to talk about. Thus what you see are only the best or the worst.
Please don't lose hope because of that.
I think the super angry response we are seeing is a result of the authoritarian lean of our current times.
It's like the concept of freedom IMPLYING responsibility has been completely done away with. The operating concept is: adult consumers are children, and need to be protected.
I'm no Google apologist, just a pragmatist.
* Detect that a login occurred from an unrecognized IP and email the account holder to tip them off.
* More stringent password requirements and a check against public leaked database registries to alert the user that the password they're using has been leaked.
But it seems like the bigger frustration is not that they did not prevent it, but that when it occurred it was difficult to raise the issue, and the response was tremendously inadequate.
It's beyond uintelligent, i you really think about it.
My in-laws are firmly in the "computers are magic" camp. Say what you like about they should learn etc, but they're in their 80s, have already lived through multiple technological revolutions, and at this point don't have the energy or interest to work through another one.
They are aware that someone not able to understands the danger of power tools and how to use them safely shouldn't use them. That's nothing new. Yet they still do...
In the mind of the populace, I think Google might stay in the same brain spot reserved for father christmas. I would have suggested a massive privacy awareness campaign but I doubt it'll work - especially when it comes at the cost of convenience.
"The cause appears to be that login and password credentials stolen in external privacy breaches unrelated to Canada Post were used to access individual Canada Post accounts. This is possible when users reuse their credentials on several websites to avoid having to remember different passwords."
I'm not sure how they plan to prevent users from just reusing another password, however perhaps this education will help.
Username/password is reflected unchanged in JS. Got a console error because my password has a single quote in it.
Well, isn't that's exactly what the customer support team is suppose to do? They'd be a terrible customer support representative if they didn't encourage good security practices and didn't try to maintain customer relationships.
Not having 2FA is unacceptable in 2019. The best form of security is a combination of these 3 things:
- "Something you know — Password, security questions, personal information, etc.
- "Something you have" — Security key (Yubikey, Smartcard, Ledger Nano, etc.), software key (HOTP/TOTP), ̶S̶M̶S̶, email, etc.
- "Something you are" — Biometrics (Touch ID, Face ID, etc.)
Very low technical skill for someone writing for a website called siliconvalley.com.
People reusing passwords is risky and frankly stupid behavior.
The same way you are responsible for your financial identity and can be taken to court over these disputes, you are also responsible for your cyber identity.
The longer you avoid being held responsible, the worse the pain will be.
If I login to my gmail account using a different PC, google won't let me in without sending a text to my phone or a code to my email. Sometimes, even using a different browser on the same PC I typically use triggers this security check. Even after letting me in, Gmail will send a notice of the strange login to my backup email - the mail will contain the time and ip of the event.
Same with telegram. Loging to a new app/device and Telegram will sends the notification to the two apps I use on my main PC, my secondary pc, and my phones. Deleting the notification on one client app won't remove it from the rest. This way, an intruder can't erase the evidence.
Also, almost almost every other email service I own badgers me to set up 2factor - either another email, a phone, back up codes or 2-factor authenticator apps.
If Google/Nest isn't doing this - then, part of the blame lies with them. These basic, obvious, common sense security/password practices you know is breaking news to "NORMAL" people.
In that sense Google could make the security stronger for their customers but chooses to make it easier to install and use for the majority.
Getting downvoted for this, but consider this: they require a password for security purposes, why don’t they require MFA? Why is this not a requirement for this product or all their products? It’s a barrier to entry, and an eases of use thing, which means it’s a product decision to not require stronger authentication on this or all their products.
1. user Initially creates login and password for Nest device
2. Before Nest accepts your password, it checks HaveIBeenPwned.com to see if that password has already been used before for this email address. If so, the password is rejected.
They were actually very different from other companies at that point in time.
It's just harder to be not evil when margins are shrinking.
- Have both parents decide the child is not a high enough priority for one of them to stay home
- Decide it's too much hassle to take the kid to a professional style day care where there are multiple adults watching each other to make sure none of the adults are badly behaved with the kids
- Also too much of a hassle to go to a home day care where less professional adults could watch the kid, but at least there are more than one of them working there in case one of them starts to mistreat the kids
- Hire a nanny, but not trust the nanny, cause sometimes nannies are badly behaved too
- Decide you trust the IoT company more than the nanny or any of the above
First world 1%er problem for sure.