قالب وردپرس درنا توس
Home / Tips and Tricks / Why your Nest should trust Nest (still) – Rate Geek

Why your Nest should trust Nest (still) – Rate Geek



  A young child pressing the button on the Nest Hello
Nest

Yesterday Ring announced that it would immediately require two-factor authentication for all user accounts. And although that is a good start, it is not enough. The company can and must do more. The truth is that it is catching up to another security camera company & # 39; s: Nest. If you have to choose, you must trust Nest before Ring, and this is why.

Security cameras that you place in your home are really a scary proposition. Think about it ̵

1; you place a digital recording system in the most intimate parts of your life, and you only need the correct username and password to gain access. The danger in that concept recently became all too clear, because report after report showed people with RingCamera's who had compromised their accounts.

Nest, on the other hand, has already discovered the problem. The company has implemented (or is about to implement) various functions that Ring is missing, such as IP logging, password strength requirements, breach of password controls, and quick login attempt prevention.

Google knows where you are thanks to IP logging

realize it, but websites know where you are. Your IP address reveals that information when you visit a site. What most sites don't do is keep track of where you usually are.

But Google is. If you always log in from Washington D.C. but then suddenly jump to Florida or China in half an hour, Google will notice the login attempt and treat it as suspicious. It will notify you and prevent the login until you can confirm that it is you and not someone who tries to log in with a password from a broken database.

Although that is a possibility that Google first introduced for Google accounts (for Gmail, Google Calendar, etc.), it recently brought the possibility to Nest accounts.

Ring does not currently check your IP location for suspicious activity. So much is evident from the fact that bad actors could log in to the Ring accounts of other users (unless they were always close to the victim due to luck).

The company did not mention the feature in the latest update regarding privacy and security changes. And that's a shame, because it would be a long way to deal with the problem.

Ring lets you use any password no matter how weak

 A dialog box for creating a ring password, with the password set to

The first barrier to your account is your password and the is surprising to see that Ring lets you use everything. Just to be sure, I created a new account today, with which I can use "password" for my password. That is & # 39; the world's weakest password, and no website, let alone a security company, should allow that.

The worst thing is that Ring knows it's a weak password. You can see in the screenshot above that Ring says that & # 39; password & # 39; is weak. But it still lets me use the same thing. If you saw someone stepping in front of a truck, you wouldn't just say, "Hey, that's a bad idea." You would prevent them from making a terrible mistake. But Ring does not prevent you from using a terrible password.

Nest, on the other hand, checks your passwords for basic requirements and does not allow you to use standard style passwords that are easy to guess. It's almost foolish to praise Nest for that fact because it's the absolute minimum that a security company should do, but Nest does it and Ring doesn't do it, so here we are.

Nest checks for violated passwords

As long as we drop truth bombs on you, there is another one: someone has already compromised that one password that you use for your e-mail, Adobe, Disqus, Dropbox, Tumbler and xkcd . Several times. If you use the same password everywhere, you must stop. Please take a password manager.

But we can repeat that fact until the end of time, and people are going to people and continue to reuse passwords. So the next best thing is to protect people against themselves. Nest checks your current username and password for known database breaches. If it finds an agreement, let it know and you must change your password.

This prevents hackers from logging into your account with log-in details that they have found due to the poor security of another site. Unfortunately, Ring does not check your passwords for database breaches. If you use a compromised username and password combination, it is up to you to find out and resolve the issue. We recommend that you check HaveIBeenPwned if you have not already done so.

Nest uses reCAPTCHA to prevent quick login attempts

 A Nest login page with a reCAPTCHA warning.

If a hacker does not know your password, they can try to guess it. One way is to use a bot to submit hundreds or thousands of passwords in the hope of getting a hit. But that doesn't work with Nest (or Google) accounts.

Nest has already implemented reCAPTCHA on its login page. You've probably come across it before. If you have ever had to choose "all crosswalks" or "all fire hydrants" from a frame, that is reCAPTCHA. The basic idea is that it is a test that & # 39; only a human & # 39; can resolve. It also delays login attempts, even if a bot somehow passes the test.

In theory, that should prevent massive login attempts from eventually guessing your password. Unfortunately, Ring does not have such safeguards. So bad actors are free to guess away until they get it right (especially if you have a weak password, which Ring allows).

Both offer two-factor authentication, but you're better off with Google

  A woman typing a pin code in the Ring app.
Ring

From yesterday, Ring requires two-factor authentication. Starting in the spring, Nest also needs it for its accounts. That puts Ring in front of Nest, but that's not the whole story.

In both cases, you must enter a one-time pin code to log in to your account. For Ring you get that via e-mail or text message. For Nest, e-mail is the only option. One-time usage codes sent via email or text message are better than nothing, but it is not the most secure version of two-factor authentication.

If you want more security, you must use an authentication app that is linked to your phone. With codes sent by sms or e-mail, bad purchases only have to compromise your accounts. But with an authentication app, they should steal your device (and at that time, security cameras & # 39; s are the least of your problems).

That's important, because if you migrate your Nest account to a Google account, not only do you get more security than Nest currently offers (which is more than Ring), you can secure your Google account with an authenticator -app.

Google thinks its accounts are so secure that no two-factor authentication is needed, unlike Nest, but we think you should turn it on if you have security cameras & # 39; s.

It's a matter of heart

We haven't even talked about the difference in products, but if you want our opinion, we think that Nest cameras are also better than ring cameras & # 39; s. The integration with other Nest products (such as the Nest Hub) is much closer than the integration between Ring and Amazon Echo products.

But even if Nest and Ring cameras were exactly the same in terms of quality, it is clear that you still have to go with Nest.

While Ring quickly blames its customers for security issues and slowly implements solutions, Nest (and Google) quickly implemented solutions and slowly blamed customers.

On the rare occasion that something happened, such as poor integration between Wink and Nest, the company took responsibility and worked quickly to resolve the problem. That is exactly the behavior that you want from your security camera maker.

The actions of Nest show that it works hard to win your trust and protect your accounts. And the actions of Ring feel like the absolute minimum. So the choice is clear, choose Nest for Ring for your security camera & # 39; s.


Source link