Did you get a Ring or Nest home security system for Christmas?
When you set it up, be sure to enable two-factor authentication. This means not only establish a password, but also require a second factor, such as a code texted to your phone, or a physical token you plug in to the device.
The home security systems have been in the news lately for hackers gaining access and scaring residents with taunts and yelling through the cameras. Most the hacks occurred because users set up the systems with poor passwords – using either easy-to-guess terms, or reusing passwords that had been stolen elsewhere.
The hackers used what’s known as “credential stuffing” on the systems. This takes lists of credentials stolen elsewhere – such as a data breach – and using them to break in to accounts elsewhere.
Vice reported that hackers even livestreamed a podcast where others watched as the podcasters yelled at people through their Ring systems.
Using 2-factor (or 2-step as Google Nest calls it) will halt these attacks because the hackers won’t have the additional credential.
Using an additional credential beyond just a password is always a good idea. Ideally you should rely on a password manager to create and autofill strong passwords in your accounts.
But if you are still secretly reusing an easy-to-remember password, then at least protect your family from these nasty thugs with 2-factor authentication.