Two-factor authentication is coming to the Nest platform. Starting in the spring, all Nest users who haven't enrolled in two-factor authentication or migrated to a Google account will be required to verify their identity via email.
That means that when a new login for your account occurs, you'll get an email from firstname.lastname@example.org with a six-digit verification code. You'll then need to enter that code to confirm it's you who's attempting to log in. If you don't provide the code, you won't be able to access your account.
In addition to enforcing two-factor authentication, Google added something called reCaptcha Enterprise to Nest accounts. That security process detects automated attacks and defends against them, and it's something Google email and other accounts already had. Now, it's active in every Nest account. You don't need to do anything to enable it.
In December, Google also added email notifications for login attempts. Each time someone logs into your Nest account, you'll receive a notification email. If you don't recognize the login attempt, you can take defensive action, such as changing your password.
The team at Google say these updates will cut down on the possibility of an unauthorized person accessing a Nest account, specifically those that haven't migrated and don't have the built-in protections of a Google account.
Of course, Google still suggests users complete the migration, saying, "Nest and Google product integrations will be streamlined and work together to create seamless experiences. For example, if you have a Google Home, just say, 'OK Google, make it warmer.'"and a