Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement
Bitcoin Exchange CEX.IO

Ring Introduce 2FA After A Host of Hacks

Written by  Feb 19, 2020

IoT connected doorbell-maker Ring is now requiring two-factor authentication (2FA) for all users when they sign into their accounts.

The new requirement comes after Ring faced a backlash in December following a host of disturbing hacks and security issues tied to the smart doorbell.

While Amazon-owned Ring offered 2FA as an option to customers before, now the second layer of verification will be mandatory to all users. That means that when users log into an account, they’ll receive a one-time, six-digit code (via email or phone) to verify their login attempts, which they will need to enter before receiving access to their Ring accounts.

“This added authentication helps prevent unauthorised users from gaining access to your Ring account, even if they have your username and password,” said Leila Rouhi with Ring, in a note to customers posted on Tuesday.

The new measures come on the heels of a Motherboard investigation in December that discovered serious security holes in Ring doorbells. As part of the security testing, Motherboard logged into a Ring account (both on the app and the website) with its corresponding email and password from various IP addresses worldwide. While Ring offered 2FA as an option at the time, Motherboard found in multiple tests that people who were already logged into the app didn’t need to log back in after 2FA was already enabled (though Ring did log users out after password changes).

The report also found that no alert was triggered notifying the Ring owner about the suspicious login attempts – even with simultaneous logins occurring. And, Ring did not appear to restrict the amount of incorrect attempts that a user can make for logging into their app, according to Motherboard.

The investigation came as Ring devices were hit by a disturbing slew of attacks over the past few months, leading to a cry for increased security measures by the internet of things (IoT) company.

On Tuesday, Ring said that in addition to mandatory 2FA, it now also has addressed issues pinpointed by Motherboard’s investigation by alerting users when someone logs into their accounts.

“Last December, we launched login notifications for Ring accounts, which alert you by email anytime someone successfully logs into your account from a new device or browser,” said Rouhi. “We will continue to send these login notifications so you can take immediate steps to protect your account if you were not the one who logged in.”

Data Privacy

Ring said it has now temporarily paused the use of most third-party analytics services in the Ring apps, while working on providing users with more abilities to opt out of these services in the Control Center. Ring said it will provide users with additional options to limit sharing information with third-party service providers in early spring. And, users can now opt out of sharing their information with third-parties, which is done to receive personalised ads.

“If you opt out, Ring will not share the information required to serve you personalised ads, though you may still see non-personalised Ring ads from time to time,” said Rouhi. “Although we believe personalised advertising can deliver a better customer experience, beginning this week we will provide you with a choice to opt out in Control Center.”

Do you find this article useful? Comment below...

Paul Anderson

Our Cyber world tech journalist, Paul specialises in Cyber Security having worked in the field for over 5 years and has previous Tech admin roles to his credit. Applying Cyber tech to office use and sharing Cyber related articles are what Paul offers us. He is very experienced and his contribution is invaluable.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement
gadgets ad

Popular in Security