

Google LLC-owned Nest is forcing users to reset their passwords if it believes they may have been compromised.
First reported Friday by The Verge, the move appears to be a followup to Nest’s previously asking customers nicely to reset their passwords if a suspected breach has occurred.
The idea now is that Nest suspects that many customers don’t bother resetting their passwords so instead it’s proactively forcing them to do so.
In an exchange on Twitter prompted by a customer who was asking whether a reset password message was legitimate, Next confirmed the news, saying “please follow the instructions that are in the email so that you can get back into the app. Also the steps to activating 2-step verification are included in the email.”
The question is whether the actions have been forced by a new password breach. Google said only that “it plans to use the measure on an ongoing basis as information is compromised.”
Tim Mackey, senior technical evangelist at Synopsys Inc., told SiliconANGLE that the situation highlights a core challenge inherent to passwords: People need to be able to type them.
“As anyone who has used a strong password and then struggled to properly enter it using a mobile device knows, increasing password complexity runs the risk of locking out the account,” Mackey explained. “IT departments have struggled for decades to convince users to use complex passwords – with limited success. We’ve had countless Cyber Security Week recommendations on password management – including one from me – yet people continue to use insecure passwords. The core challenge is simple: Humans aren’t computers.”
Questioning Google’s decision with Nest, Mackey noted that “Google has an option to simplify the password situation using its social login instead of a username and password combination.
“Under this model, the Nest service would be authenticated against a known authorization provider using a well-defined protocol,” Mackey said. “The user wouldn’t need a password specific to Nest nor would they need to worry about password complexity rules defined by Nest. This would simplify the user experience while improving the overall security of the service – all without requiring users to worry about password breaches in their Nest service.”
THANK YOU