Ring has a security problem, and we think the company should be responsible for addressing it. Thankfully, it seems Ring is taking that advice to heart and plans to implement a Privacy Dashboard and changes to ally some of those concerns.
Ring’s Security Woes
Recently Ring has been in the news frequently, and not in a way the company would enjoy. Several reports described instances of hijacked cameras, leading to unfamiliar voices in owner’s homes, and even blackmail attempts. Ring’s response was to blame users for reusing passwords.
The company also got into hot water for its unclear relationship with law enforcement. While a relationship with law enforcement isn’t a bad thing, a lack of transparency surrounding that partnership is.
The company plans to address both problems with a new Privacy Dashboard and a change to new user accounts.
A Privacy Dashboard For Clarity of Access
Ring says its upcoming Privacy Dashboard should make it clear who has access to your cameras, and when. The dashboard will be accessible from the Ring apps (for iOS and Android). Initially, it will allow you to manage third-party services, connected devices, and whether local law enforcement partnered with Ring can make requests to access the video from your cameras.
Ring plans to add more features down the road, including the ability to see and remove logged in users directly from the app. The Privacy Dashboard will also become the new place to set up two-factor authentication.
Two-Factor Authentication Will Be Opt-Out
Ring continues to maintain its servers have not been hacked. Instead, it says any unauthorized users accessing Ring accounts are merely scouring reused passwords from hacked databases. Unfortunately, many people continue to reuse passwords instead of utilizing a password manager to create unique, complicated passwords for all their services.
Beyond unique passwords, one effective method to prevent unauthorized access is two-factor authentication. Even if a bad actor manages to steal your credentials, they’ll need a second “proof of identity” to get into your account. Unfortunately, Ring (and nearly every other company) makes two-factor authentication opt-in.
Going forward, that’s changing for new users. Ring says it will make two-factor authentication “opt-out” instead of “opt-in.” Users will still be able to skip two-factor authentication if they prefer, but new users will have to choose to turn it off, rather than turn it on.
The company says existing users won’t be affected by the change, in part because it would require logging all user accounts out.
These changes are a step direction, but the company could still do more. Ring doesn’t plan to scan leaked databases for reused passwords, for instance, and that could go a long way to prevent similar issues in the future. But any progress is still good progress.
Source: The Verge