A little over a year ago, Ring committed so many security blunders it became impossible to recommend its products, especially after it blamed users for its lax security policies. But the company changed its tune and, more importantly, made amends. Now more than a year later, Ring is worthy of your consideration—here’s why.
Table of Contents
Every time you purchase a new smart home product, you open a window into your life that companies can peer through. For instance, an Alexa speaker isn’t just a convenient voice assistant; it’s also a shopping center and a tracking hub. Voice assistants don’t listen to everything you say, but they link your voice searches to your internet searches.
Security cameras don’t track you in the same manner, but they still come with privacy concerns. Every camera in your home is another device literally watching you, another device that you’re trusting not to share your intimate moments with the world. That’s where it wrong for Ring.
Thanks to a combination of weak passwords and social engineering, Ring users discovered other people were watching their camera feeds, even speaking to their children. It’s a nightmare scenario. In response, Ring blamed users for their password practices when the company should have owned up to its mistakes.
At the time, Ring didn’t check for weak passwords, and it didn’t require two-factor authentication. The Ring app didn’t have a function to determine who had access to your cameras. The company shared your information with third-parties without a way to opt-out, and it didn’t offer end-to-end encryption for camera feeds.
Around the same time, Ring’s uncomfortably close partnership with law enforcement came to light. That partnership isn’t necessarily a problem, but absent transparency in the middle of a scandal, it wasn’t a good look. Nor was the need to fire four employees for watching customer videos without permission.
Thankfully, Ring has changed course.
So, why does Ring deserve a second look after so many stumbles? Because it started taking security seriously. It stopped blaming users for weak passwords and started requiring strong passwords. Last year, we were able to create a Ring account using “password” as a password. Ring put a stop to that.
Not only does it require a complicated password (eight characters, upper and lower case, one number, and symbol), but it checks for simple passwords. We tried “Password1!” and it rejected that as too common. You can’t include your name or email in the password either.
Additionally, Ring now requires two-factor authentication on all accounts. If you do reuse a password (please don’t: use a Password Manager), two-factor authentication should keep the bad guys out even if they have your compromised credentials. Additionally, Ring now checks for compromised credentials and will notify you if you need to change your password.
Ring also introduced a privacy dashboard that lets you see all connected devices and remove them if you don’t recognize a phone or tablet. The company paused third-party analytics long enough to introduce opt-out options in the dashboard. Opt-in would be better, but opt-out is a step in the right direction.
And recently, Ring introduced End-to-End encryption for wired cameras. That should prevent anyone from intercepting your camera feeds. It would be good to see wireless cameras get that treatment, but it’s another win for privacy.
While Ring hasn’t backtracked on its close relationship with law enforcement, it is more transparent now. You can now check Ring’s active agency map to see if law enforcement in your area works with Ring and how many video requests those agencies have made recently. A partnership doesn’t necessarily constitute a bad thing, but transparency helps with decisions that require trust.
Ring’s practices aren’t perfect yet, but it’s vastly improved.
Last year, we wrote that to regain our trust, Ring needed to enable two-factor authentication by default, check for reused passwords, prevent weak passwords during setup, and start checking IP addresses during login.
Ring did all of that—except IP Logging. Two-factor authentication is now on by default for all users; you have to opt-out. Ring won’t let you use a weak password, and it scans databases for compromised credentials.
The new privacy dashboard goes above and beyond our recommendations, and you can now easily see who has access to your account and remove them. You have greater control over what Ring shares, and if you have a wired camera, it uses end-to-end encryption. That’s nearly everything we asked for, plus more.
The one thing we’d still like to see is IP Logging. Whenever someone attempts to log into a Ring account, Amazon can tell if the request originated from somewhere unusual. A Ring representative previously told us Ring would take action if a login attempt seems suspicious, but our experience says otherwise.
While writing this article, we were able to log into an American-based Ring account from a Switzerland-based IP. That should have been suspicious, but Ring let it through. However, Ring sent immediate notifications and emails about the sign-in and provided a date, time, and a partial IP. That should be enough information to determine if someone outside your family logged into an account. However, you’ll have to dig into the Control Center in Ring’s app on your own to kick the new device. We’d suggest Amazon provide a direct link in the notification for your convenience.
A total block would still be better, but Ring’s new tools gave us exactly the information to protect our account from a would-be hacker. That’s a big change from the past. And that’s exactly why you can trust Ring again.
The fact that a company made mistakes should never be the whole story. It’s what the company does next that counts. Ring made mistakes, there’s no denying that fact. But over the year, it’s taken solid steps to correct those mistakes, provide more transparency, and the tools to protect your security cameras.
That makes it worth your time and money again.