Ring finally makes two-factor authentication mandatory after series of hacks

Ring has faced a torrent of criticism in recent months.

Feb 18, 2020, 12:46 pm*

Layer 8

Andrew Wyrich 

Andrew Wyrich

Ring Two Factor Authentication Mandatory

Joni Hanebutt / Shutterstock.com (Licensed)

Ring, the Amazon-owned smart device company, announced on Tuesday that it was making two-factor authentication mandatory when users log into the device’s app.

The move comes as Ring has faced a torrent of criticism amid a string of hacks, privacy concerns, and the company’s relationship with law enforcement agencies.

The company, in a blog post, said while it had previously allowed users to use two-factor authentication, it will now be mandatory. Now, when users log in to their Ring account, they will have to input a six-digit code sent to them via their phone or email.

The new mandatory two-factor authentication will begin rolling out to users today, the company said.

In the wake of a number of Ring cameras being hacked—including one case where a hacker taunted a child in her bedroom in Mississippi—the company seemed to place blame on customers for not using “security best practices.”

However, the company has had its own lax security practices. Last year, a vulnerability in the Ring doorbells could have exposed the WiFi usernames and passwords of owners to hackers.

In a blog post in December, the company encouraged users to use two-factor authentication, and critics pointed out that they should make the option mandatory.

Tuesday’s announcement does not address other concerns that have cropped up, including brute force attacks or setting limits to the number of failed login attempts from a single device or IP address. A Ring spokesperson to the Daily Dot that it rate limits login requests so when an “unusual volume” of attempts made from a single IP address are repeated, it bans and blocks that IP address.

While two-factor authentication is a step in the right direction for trying to prevent hacks, it will do little to quell other criticisms of the company–—particularly its relationship with law enforcement.

The cameras allow users to enter a portal where they can opt-in to allow police departments to request footage from their cameras.

The partnerships with law enforcement have caught the eye of digital rights groups and even members of Congress. Sen. Edward Markey (D-Mass.) released answers he received from Amazon regarding the company’s work with police, where—among other things—they said there were not robust restrictions on how long law enforcement could hold onto footage gathered from Ring users.

On Tuesday the company also announced that it was pausing sharing users information with “most” third-party analytics services, following a report from the Electronic Frontier Foundation last month that highlighted how third-party trackers were being sent information from Ring’s Android app.

This post has been updated to include comment from Ring.

READ MORE:

Share this article
*First Published: Feb 18, 2020, 9:39 am