Convenience at a Cost
There are many devices used in our homes that make our lives easier. These include home security, baby monitors, personal assistants, and more. There is no argument that these are helpful tools, but what do they cost us security-wise?
There was a recent incident with the Nest Cam, an indoor home security camera, that put these costs front and center. A three-year-old with a Nest Cam in her room complained of monsters; her mother assumed the comments were related to common childhood fears. She later discovered pornographic sounds and hackers’ voices streaming through her daughter’s camera and realized her system had been breached. We can all imagine the upset and trauma this event caused this family.
We can identify two separate failures that led to this outcome. First, the company chose to make user experience a high priority, understandably so. However, this meant it streamlined the login process at the expense of security. The company had the tools to strengthen its security through two-factor authentication (2FA), but left it as an option, not a requirement, because it made the login process cumbersome. The victim claimed she activated 2FA, but the company disputes this.
The second breakdown was on the victim’s end. In this particular case, the victim reused a login and password that had been previously compromised. Hackers upload files to the web containing hacked usernames and passwords, making them available to the public. If a previously hacked password is used elsewhere, you run the risk of having that account breached as well. The practice of taking previously compromised usernames and passwords and trying them against other accounts is known as credential stuffing.
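The service-side view of the two failures above, as an added example that is not part of the original article: detection logic that flags a source trying many different usernames with mostly failed logins, and separates accounts that were taken over from accounts where only 2FA stopped the login. The log format, the thresholds, and all addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (format assumed): timestamp, source IP, username, result.
# 2FA_FAILED means the password was correct but the second factor was not supplied.
SAMPLE_LOG = """\
2019-01-10T03:00:01 203.0.113.7 alice@example.com BAD_PASSWORD
2019-01-10T03:00:02 203.0.113.7 bob@example.com BAD_PASSWORD
2019-01-10T03:00:04 203.0.113.7 carol@example.com OK
2019-01-10T03:00:05 203.0.113.7 dan@example.com BAD_PASSWORD
2019-01-10T03:00:07 203.0.113.7 erin@example.com 2FA_FAILED
2019-01-10T08:15:00 198.51.100.20 gina@example.com BAD_PASSWORD
2019-01-10T08:15:20 198.51.100.20 gina@example.com OK
2019-01-10T09:00:00 192.0.2.50 hal@example.com OK
2019-01-10T09:01:00 192.0.2.50 ivy@example.com OK
2019-01-10T09:02:00 192.0.2.50 jo@example.com BAD_PASSWORD
2019-01-10T09:03:00 192.0.2.50 kim@example.com OK
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def find_stuffing(log, window=timedelta(minutes=5), min_users=4, min_fail_ratio=0.6):
    """Flag sources that try many distinct usernames and mostly fail inside one window."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(e[3] != "OK" for e in win)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                report[ip] = {
                    # Reused password and no second factor: the account is taken over.
                    "taken_over": sorted({e[2] for e in events if e[3] == "OK"}),
                    # Password is known to the attacker; only 2FA stopped the login.
                    "password_exposed": sorted({e[2] for e in events if e[3] == "2FA_FAILED"}),
                }
                break
    return report
```

On the sample log, `find_stuffing(SAMPLE_LOG)` flags only 203.0.113.7; the single user who mistyped a password and the shared address with mostly successful logins are left alone. The account in `password_exposed` was protected by 2FA but still needs a password change, because the attacker's password was correct.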
What We Can Learn
To help protect yourself from an intrusion like the one above, there are a couple of things you can do. First, never reuse your passwords. This may feel insurmountable in the face of the many accounts you maintain, but with the help of a password manager, it can be done. If you are uncomfortable with the idea of an online password manager, consider it in its most basic form: handwritten records. If you choose to write down the usernames and passwords for personal accounts, keep them in a safe place inside your home.
Second, activate 2FA any time the option is available. This technology will protect your account in the event your username and password are hacked. Without the additional code, your username and password will be useless to the hacker. The extra time it takes to log in is minuscule and absolutely worth the protection it offers.
Remember, hackers are looking for the low-hanging fruit: in this case, weak and reused passwords and accounts with no additional layers of security like 2FA. Don’t be an easy target!