Ride the Lightning

New Ring Devices Will Require Two-Factor Authentication

January 8, 2020

It is hard to protect people against their own stupidity, but Ring is trying. As CNET reported on January 6, Ring is rolling out mandatory two-factor authentication for new devices as well as a new customer Control Center.

Ring's CEO Jamie Siminoff said he cried when he saw a video of a hacker slinging profanities at an 8-year-old in her Mississippi bedroom through a Ring security camera her parents installed.

Ring, which is owned by Amazon, revealed tighter privacy and security measures for its video doorbells, cameras and lights, including a new Control Center for users' privacy settings.

These new features come after Ring faced a wave of criticism for security problems and its partnerships with police, which privacy advocates view as a dangerous step toward mass surveillance. Siminoff staunchly stood by those police partnerships, saying they're helping solve crimes, but added that he will continue to work to improve security measures for his products.

Sales of Ring products haven't appeared to be affected by the controversies, with strong growth for the security devices, according to both Amazon and the research firm NPD.

With the new changes, all new Ring devices — including those being added to existing accounts — will have to be set up using two-factor authentication, a security measure that requires both a password and a code entered from a text message. That extra layer of security would prevent hackers from accessing a security camera if they only stole your username and password, as was the case in Mississippi. There's no set date for when this change will happen yet.

Ring isn't requiring its millions of existing customers to switch to two-factor authentication but is instead continuing to strongly recommend they make the change on their own. Siminoff said the switch requires that users log out, so that they aren't forced off their security systems to make the change. He said such a decision could endanger customers and cause more harm than good, since Ring systems provide users with critical real-time information.

Ring also created a new Control Center, which is slated to come to the Ring app later this month and will help customers manage their privacy and security settings. The first major feature will be allowing customers to opt out of receiving any requests for video footage from local police.

The company has teamed up with hundreds of police departments across the country to allow its users to share videos of potential crimes. Ring said it's always allowed users to opt out of receiving video requests through an unsubscribe link or a call to customer service but adding that option into the Control Center will make it easier for customers to turn off these requests.

Added to these new features, Ring said it already resets customers' passwords if their accounts are breached and blocks potentially unauthorized access to accounts. The company also flags logins from new devices to users' accounts and lets them block access. However, Vice reported last month that it found Ring's security protocols to be faulty and lacking. Ring said it also reviews stolen account credentials taken in other hacks and informs its customers if their credentials match any stolen usernames or passwords.

These changes may not go far enough, but these are good steps. If you are a current Ring user, make sure you enable two-factor authentication!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson