Recently, Ring security cameras have been in the news for all the wrong reasons. It seems many people were reusing compromised passwords, allowing bad actors to log in and watch or even harass users. Today, Ring announced it’s making two-factor authentication (2FA) mandatory for all users on every login, and it’s pausing third-party analytics.
If you’re going to put internet-connected security cameras into your home, you want peace of mind that you and only the people you allow can access them. Unfortunately, password reuse is a common problem to this day, and that’s led to bad actors breaking into other people’s accounts.
It’s as simple as combing a database from one of the many breached companies and trying username and password combos until you get a hit. Once in, you can see cameras, talk with people, or anything else a legitimate user could do in their account. For a long time now, Ring (which is owned by Amazon) blamed its users for these problems, but now the company is taking our advice and making 2FA mandatory.
Starting today, every time you try to log in to your Ring account, you’ll have to input a one-time use PIN. You can choose to have the PIN emailed or sent via text message, and that extra layer of security should prevent anyone else from logging in to your account.
If you set up shared user access (for family or friends), they’ll have to go through the same process when they access their account.
It’s worth noting that Google recently announced that it would require any users that have chosen not to migrate away from Nest accounts to use 2FA as well.
But, it isn’t just security woes that Ring’s been dealing with lately. The amount of tracking and analytics the company has given to third-parties led to scrutiny as well. Thankfully, starting today, Ring is pausing most of those analytics. Unfortunately, it didn’t specify what it left turned on.
Ring promised to build a new function in its control center (found in the Ring app) that would let you opt-out of third-party analytics. And starting today, you can opt-out of personalized advertising.
These are huge and necessary changes, and it’s good that the company listened to feedback and implemented suggestions. We hope that the Ring will consider adding IP logging as an extra measure to prevent password guessing. But this is a good first step towards a more secure service.
Ring says the updates are rolling out now, and users will need to update to the latest version of the app (for iOS and Android) to utilize them. The company expects all users to see the changes within the week.