Ring, the smart-doorbell company owned by Amazon, announced Tuesday that it will require two-factor authentication for all user accounts. In addition to a password, users will need a one-time code sent via email or SMS each time they log in to their accounts.
According to a spokesperson, Ring will begin rolling out mandatory two-factor authentication immediately, and it will be active for all users within the week. The company, best known for its doorbell cams, says any login attempt after the new requirement is activated on an account will require two-factor authentication, also known as “2FA”. That means it’s vital for users to make sure the email address and/or SMS number associated with their account are accurate.
Ring also says customers must have the latest version of the Ring app installed on their mobile device to be able to use two-factor authentication.
Ring, like most digital services, already offered optional 2FA, but did not require it. In a series of incidents late last year, this gap allowed hackers to remotely access cameras to spy on Ring users. In a lawsuit, victims of these hacks argued that Ring should have required two-factor authentication by default because of the extremely sensitive nature of Ring cameras, some of which are positioned to monitor areas within users homes, including children’s rooms.
Ring has apparently decided it agrees. The decision comes less than a week after Nest, a Ring competitor owned by Google, announced that it will require 2FA for all accounts starting this spring, after a spate of similarly bad headlines resulting from its cameras being hacked.
The hackers in prior Ring incidents may have gotten the users’ passwords from a data breach, though Ring said it was not hacked and blamed customers’ re-use of passwords from other sites for the breaches. Security experts strongly recommend creating unique, random passwords for every digital service you use. That may sound daunting, but it is made much easier with a password manager, such as Dashlane or LastPass.
Ring also announced this morning that it was “temporarily pausing the use of most third-party analytics services in the Ring apps and Website.” That follows a late January investigation by the Electronic Frontier Foundation, which found that Ring was sharing users’ personally identifiable information, including names and IP addresses, with a number of data collectors, including Facebook and MixPanel. Most of that sharing, which could compromise privacy, was not disclosed to Ring users.
Finally, as part of the same update, Ring said it will allow users to opt out of personalized advertising. Previously, it had not allowed users to stop the sharing of their personal information with Ring’s advertising partners. According to Ring, the opt-out option will be located in the Control Center, the system’s privacy and security dashboard.
More must-read stories from Coins2Day:
—Airbnb’s bottom line is hurting. New safety efforts could make matters worse
—How businesses lost an extra $500 million from email scams last year
—Antivirus software Avast investigated for selling user browsing histories
—Huawei poses a 5G spying risk, but other options are hard to come by
—Predicting the biggest tech headlines of 2020
Catch up with Data Sheet, Coins2Day’s daily digest on the business of tech.
