UPDATED 19:53 EDT / FEBRUARY 17 2019

SECURITY

Google forcing potentially compromised Nest users to reset passwords

Google LLC-owned Nest is forcing users to reset their passwords if it believes they may have been compromised.

First reported Friday by The Verge, the move appears to be a followup to Nest’s previously asking customers nicely to reset their passwords if a suspected breach has occurred.

The idea now is that Nest suspects that many customers don’t bother resetting their passwords so instead it’s proactively forcing them to do so.

In an exchange on Twitter prompted by a customer who was asking whether a reset password message was legitimate, Next confirmed the news, saying “please follow the instructions that are in the email so that you can get back into the app. Also the steps to activating 2-step verification are included in the email.”

The question is whether the actions have been forced by a new password breach. Google said only that “it plans to use the measure on an ongoing basis as information is compromised.”

Tim Mackey, senior technical evangelist at Synopsys Inc., told SiliconANGLE that the situation highlights a core challenge inherent to passwords: People need to be able to type them.

“As anyone who has used a strong password and then struggled to properly enter it using a mobile device knows, increasing password complexity runs the risk of locking out the account,” Mackey explained. “IT departments have struggled for decades to convince users to use complex passwords – with limited success. We’ve had countless Cyber Security Week recommendations on password management – including one from me – yet people continue to use insecure passwords. The core challenge is simple: Humans aren’t computers.”

Questioning Google’s decision with Nest, Mackey noted that “Google has an option to simplify the password situation using its social login instead of a username and password combination.

“Under this model, the Nest service would be authenticated against a known authorization provider using a well-defined protocol,” Mackey said. “The user wouldn’t need a password specific to Nest nor would they need to worry about password complexity rules defined by Nest. This would simplify the user experience while improving the overall security of the service – all without requiring users to worry about password breaches in their Nest service.”

Photo: Raysonho/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.