Amazon Ring Enables 2FA After Privacy Scares

Amazon’s Ring division has continued to tighten up the security of its smart home devices with the news it is making two-factor authentication (2FA) mandatory.

Last month Ring had responded to criticism of the security of its home security devices by introducing new control features to the Ring app. Ring said a Control Centre feature will allow users to manage which devices can access Ring services, and to opt-out of receiving video requests from police departments.

That came after Ring had made headlines last year following a number of incidents in which unauthorised third parties were able to access Ring devices. In some cases the hackers were able to view the users’ children and even speak to them via a Ring device speaker.

Ring 2FA

At the time, Ring said that the intruders had accessed the devices using credentials that had been reused elsewhere and then leaked in data breaches.

But Ring has also been criticised for its partnerships with police departments around the US, giving them access to Ring feeds.

And last month the Electronic Frontier Foundation published a study that showed Ring was sharing personally identifiable information with third-party analytics firms. To make matters worse, Ring had not disclosed that fact to its customers.

Amazon had purchased Ring in 2018 for a cool $1 billion, and now the firm in a blog post announced it will make make two-factor authentication mandatory as part of its efforts to introduce “extra layers of security.”

Users will receive a one-time, six-digit code every time they attempt to log in, either via email or text.

Users will also be able to opt out of personalised advertising, and Ring will provide additional options to limit sharing information with third-party service providers.

“We take digital security and privacy seriously and continue to evaluate additional ways to provide you even more control and transparency over your Ring account and personal information,” said Ring.

“While we already offered two-factor authentication to customers, starting today we’re making a second layer of verification mandatory for all users when they log into their Ring accounts,” it said. “This added authentication helps prevent unauthorised users from gaining access to your Ring account, even if they have your username and password.”

Data sharing

Ring also said it beginning immediately, it is temporarily pausing the use of most third-party analytics services in the Ring apps and website while it works on providing users with more abilities to opt out in Control Center.

The move has been welcomed by cyber-security experts.

“After all the backlash Ring has received for their privacy and security issues, this is an excellent move and must be commended. Google recently added 2FA as default in Nest and, as in usual fashion, other manufacturers follow suit,” said Jake Moore, cybersecurity specialist at ESET.

“Making 2FA default adds an extra layer of protection,” said Moore. “It must be noted that it can still be compromised, but it is that much harder for a cyber criminal to carry out.”

“To go one step further, downloading an authenticator app is even quicker and will remove having to use a mobile phone number, which is where some of the other security issues lie,” Moore said. “Once devices like this make it easy to use, security finally becomes convenient.”

Do you know all about security? Try our quiz!