Amazon’s Ring Now Requires Two-Factor Authentication

Posted on February 18, 2020 by Mehedi Hassan in Cloud with 9 Comments

Amazon + Ring

Smart doorbell maker Ring announced today that it will now require two-factor authentication on all accounts, improving security. The company is also taking a couple of other measures to protect its users’ privacy.

Ring has had two-factor authentication for a while, but it’s now making it mandatory for everyone.

The company says making two-factor authentication mandatory will prevent unauthorized users from getting access to your Ring account. That is, obviously, very important considering the fact that your Ring account can have a lot of sensitive video recordings, etc.

The two-factor authentication system on Ring works just like before, where the service will send a six-digit one time code to your email or SMS that you will have to enter during login to be able to successfully let into your account. The new policy applies to Shared Users on your account, too, and they will now be required to go through the same two-factor authentication process as well.

Ring says the company has also temporarily paused use of “most” third-party analytics services as the company is working on giving users the option to opt-in into these analytics services. “In early Spring, we will provide you with additional options to limit sharing information with third-party service providers,” the company said. It’s introducing a new option for users to opt-out of personalized ads on the platform as well.

Tagged with , , ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (9)

9 responses to “Amazon’s Ring Now Requires Two-Factor Authentication”

  1. Avatar

    glenn8878

    This will not stop a thief from stealing your Ring and resetting it to their own account.

    • Avatar

      t-b.c

      In reply to glenn8878:

      I have the Ring that attaches to the spy hole in your door, half of it is on the outside and the other half on the inside. Someone could break it, but they cannot steal it without gaining access to the home first. It is awesome! Love my ring.

  2. Avatar

    sekim

    Ring now requires 2FA, unless you're a law enforcement agency and then it is 0FA.

  3. Avatar

    Randall Lewis

    Late, Ring, very late. But better late than never.

  4. Avatar

    SvenJ

    This may actually drive me away from Ring. Being looking at Arlo anyway, since that is what my cameras are. Why? Because two factor makes it almost impossible for me. Where I work I can't have my phone, and can't access personal e-mail. Not just policy, blocked. So to access Ring I need to call my wife at home, have her sit at my PC with mail up. I log into Ring, it sends the 2FA code to my mail, she reads it to me and I can access my doorbell. Typically that only needs to happen once for a workstation, but anything that changes makes me need to do that again. Not particularly convenient. There is a reason I didn't turn it on. If they offered an assortment of validation options, different e-mails, or voice phone verification*, that would be different, but I didn't see that.

    *I have had some where they would call a specified number and read you the code (synthesized), for those that can't get texts.

    • Avatar

      wright_is

      In reply to SvenJ:

      If your wife is at home, why do you need to worry yourself with the doorbell? :-S

      • Avatar

        SvenJ

        In reply to wright_is: I know that was sort of facetious, but that would be how I would set it up, hopefully once, for a workstation. In fact, it won't work. You have to log in each time from a web client, so would have to do 2FA every time. This makes Ring completely useless from work for me.
        I also notice in my settings, 2FA is not enabled, but it is clearly turned on. There is also no option to select a phone number, for a text msg, or verbal code, or the option to select an e-mail other than your default e-mail.


  5. Avatar

    red.radar

    I get the security push but I find two factor authentication frustrating.


    1st they make me give them a phone number. That is another piece of information to be harvested and hacked when digital service becomes comprised.


    2nd, it’s really inconvenient. Now I have to have my cellphone glued to my hip anytime I interact With most digital or financial services. It’s exhausting. I like to be able to leave my phone plugged into my charger when I get home and not touch it again till morning.


    3rd for most services it makes account sharing really inconvenient if not impossible. Which is a major drag when a household uses a single account.


    4th.. god help you if the need arises to change your phone number. It’s a massive PnA. And just in general changing your phone has become much more difficult.


    But thank you info-sec people ... really appreciate you keeping me safe ... Think I rather get hacked...at least scammers are some of the most helpful and polite people you’ll ever meet.

    • Avatar

      wright_is

      In reply to red.radar:

      Changing your phone number shouldn't be a problem. You should never use your phone number as a second factor - SMS or call - because it is insecure.

      If you use an authenticator app, you can print out the QR code and store it safely, when you get a new phone or a second family member needs to share the account, just scan the QR code and put it back in its secure location.

      I'd rather a little inconvenience than having my account hacked.

      Even my home servers have 2 factor turned on - valid user/password, plus being accessed from a known-good device (ssh with PSK).

Leave a Reply