/Ring enables mandatory two-factor authentication and new privacy controls in response to scandals – The Verge

Ring enables mandatory two-factor authentication and new privacy controls in response to scandals – The Verge

Share and Alert them all
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Amazon’s home security company Ring is changing the way users log into their accounts to increase security and control privacy, the company announced today. Starting this week, Ring will mandate a second layer of security by requiring users to enter a one-time six-digit code sent via email or SMS whenever they try and log in to see the state of their indoor and outdoor cameras. The company which makes the popular Ring Video Doorbell is also introducing new options for users to control when their data is shared with other companies.

The changes are Ring’s latest attempt to overcome the privacy and security scandals that have dogged it in recent months. Last December, critics pointed out that Ring doesn’t warn users when a new device or browser logs into their account, and that two-factor authentication isn’t turned on by default. This means that if someone gets their hands on the password to someone’s Ring account (which is not outside the realms of possibility), they can potentially log in without the Ring owner having any idea. The costs of this could be high, since logging into an account can let you spy on people through their security cameras.

You have the choice of Ring either emailing or sending you an SMS code when it detects a new login attempt.
Image: Ring

The new emails and SMS messages mitigate both problems. They let you know that someone is trying to log into your account (so you know to change your password if it’s not you), and the six-digit code they contain acts as an extra layer of security. It’s not a perfect solution since support for authentication apps or hardware keys would remove the potential for interception entirely, but it’s a big step forward from the company’s previous opt-in approach to 2FA.

The other change coming this week affects how Ring shares user data with other companies. Ring’s Control Center now lets you stop sharing your data with third parties used to create personalized ads. The company is also pausing data sharing with third-party analytics services while it works on a new opt-out option for the feature. Last month, a report from the Electronic Frontier Foundation found that Ring’s Android app contained multiple third-party trackers which sent out personally identifiable information to analytics and marketing companies.

You can now opt out of letting Ring share your data for the purposes of ad targeting.
Image: Ring

This is just the latest change Ring has made to its app to add more privacy and security controls for users after public outcry. Last month the company added a new privacy dashboard to let users better manage their devices, and control whether local police departments can request video footage from an owner’s Ring camera.

Ring says the changes will be rolling out starting today, and that all Ring users should have access to them in the coming week.

Update February 18th, 9:15AM ET: Updated to reflect new roll out information provided by Ring.