Oh no, someone could have found out my zip code! Honestly they could have probably geo-located better with IP address.
It was a bug that was caused by the Nest calling the weather api over an insecure connection. Overall a minor leak. It is really how companies handle cases, Nest patched it quickly while other companies will sit on it for months.
ST really needs to have 2FA. The data that ST has is pretty sensitive (Know when your home, being able to disable alarms, know home usage patterns, cameras, etc). I know that ST’s has quite a bit of stability issues at the moment, but I think 2FA should be a higher priority.
I’m really surprised that Nest doesnt have 2FA either.
True…However, anyone with a smartphone can download the ST App for free and log in as you with their own phone (assuming they know your login credentials.)
True, but a simple text/access code would suffice in that case since it is a rare event to install an app and authenticate. You could argue that is 2FA, but when I think of 2FA I think of the rolling key systems like Google Authenticate.
I wish they did have a PIN that they would require to enter for certain events. A PIN is not 2FA, but does add another layer.
But to be blunt, I’d rather have consistent performance before adding on complexity. I don’t consider this the highest priority for the developers right now.
1 Like
matt
((Possibly not the Matt you're looking for))
12
I’m late to this party, but yes, 2FA should be a very high priority. I don’t even want to describe the worst case scenarios in public.
Even a mundane snafu could get blown into a PR nightmare. If no one else, at least the comms people ought to be worrying about this.