If you own a Ring video doorbell or camera, get ready to turn on the two-factor authentication with your account.
The Amazon-owned company is ditching the password-only approach to protecting access to customer accounts. Starting today, Ring is requiring all users to activate the two-factor authentication, which will add a second step to the login process.
Ring made the announcement after a group of online pranksters managed to hack into the company’s cameras to spy on and harass several families in the US. The intrusions were relatively easy to pull off; the culprits simply exploited the weak passwords on customer accounts in order to steal access to the internet-connected cameras, which are often placed inside and around people's residences.
The account hijackings were a bad PR blow for Ring, which markets itself as a home security company. So in response, the company is making two-factor authentication (2FA) mandatory for all customers when before the security setup was merely optional.
The system works like this: To log in, you’ll need to type in the right password, and a special one-time passcode that’ll be sent to your email address or mobile phone number via SMS message. “This added authentication helps prevent unauthorized users from gaining access to your Ring account, even if they have your username and password,” the company wrote in today’s blog post.
That all said, affected customers will need to spend a minute or two to set up the 2FA, which will require them to supply an email address or mobile phone number in order to receive the one-time passcodes.
The company’s approach to offering 2FA also isn’t ideal. Hackers have shown they can steal the one-time passcodes by breaking into a person’s email account or by even tricking a mobile carrier into giving up access to the target phone number. Nevertheless, the 2FA requirement will make it significantly harder for cybercriminals to hijack customers’ Ring devices.
On the flip side, the change will force customers to alter the way they can share access to a single Ring account. Simply telling family members your password won’t be enough. The company is instead recommending the owner of the account go to the “Shared Users” function to designate who else can have access.
On top of the 2FA requirement, the company has also decided to temporarily stop the Ring app from transmitting people’s smartphone information to third-party analytics companies. Last month, a privacy group criticized Ring for collecting the data, claiming the practice could undermine a customer’s privacy.
“Beginning immediately, we are temporarily pausing the use of most third-party analytics services in the Ring apps and website while we work on providing users with more abilities to opt out in Control Center,” Ring said in the blog post. “In early Spring, we will provide you with additional options to limit sharing information with third-party service providers.”
Ring can also collect customer information to serve up targeted ads. But starting today, users can opt out of the tracking by accessing the Ring app’s Control Center function.
Earlier this month, Google also said it would make 2FA mandatory across the company’s Nest camera devices this spring to prevent account hijackings.
Further Reading
- Russia Blocks Tutanota Encrypted Email Service After Restricting ProtonMail
- Will the Coronavirus Disrupt the RSA Show? IBM Decides to Skip
- Database With Sensitive Plastic Surgery Photos Exposed Online
- The Quantified Employee: How Companies Use Tech to Track Workers
- More in Security
More Security Reviews
- Private Internet Access VPN (for macOS)
- NordPass Premium
- Qustodio
- Virtru Email Protection for Gmail
- ShieldApps Cyber Privacy Suite