Mandatory two-factor authentication is coming soon to Amazon’s home surveillance system.

Mandatory two-factor authentication is coming soon to Amazon’s home surveillance system.

Following a spate of customer complaints and lawsuits that claimed Amazons Ring home surveillance system left customers vulnerable to hacks, the company announced Tuesday that its finally making two-factor authentication mandatory for its devices. Also, following reports that the companys apps shared personal information with third parties, Ring said it was suspending third-party analytics services and giving customers the ability to opt out of data sharing with advertisers.
Now that Ring is rolling out two-factor authentication for all its apps and web services (including its social media platform Neighbors), customers trying to log into their accounts will get a six-digit code via text or email that they must enter along with their password. This helps prevent hacks from parties who only have the account owners password assuming that the account owners using the authentication-by-email option arent using the same password for their email.
Last month, Ring had made two-factor authentication a default setting on new devices, but that didnt protect its existing customers. Todays change comes a week after Google announced it will be requiring two-factor authentication for all Nest accounts that arent connected to a Google account.
Ring did not respond to Recodes request for comment on if this recent decision was influenced by Google, but the company did say it was the next step in a long line of privacy and security updates Ring is making to bring even more transparency, privacy, and control to users via Control Center.
A Ring spokesperson also told Recode that mandatory two-factor authentication will be rolled out over the next few days, so users may have to wait a little while longer before they are forced to secure their accounts. They must also update their apps to the most recent version.
Heres what the two-factor login screen will look like, for those of you who didnt enable it when it was optional. (But you really should have it on every account that offers it. Look how easy it is!):
Ring
Recode had previously written about how it was a disservice to Rings customers not to make this security measure mandatory, considering how invasive it would be for an unauthorized user to access the companys devices which, as several stories and subsequent lawsuits alleged was a very real possibility. Several Ring customers reported that hackers commandeered their cameras some of which were inside their homes and talked to and threatened them through Rings two-way remote speaker feature.
While Ring had offered two-factor authentication as an option, thats not nearly as effective as making it required for users. Studies have shown that people are unlikely to use two-factor authentication when it is offered, and at least one of the parties suing Ring claimed he didnt know two-factor authentication was even an option.
Ring also announced that it has temporarily suspended most third-party analytics services in its apps and websites. A recent report from the Electronic Frontier Foundation (EFF) noted that Rings app for Android devices sent personally identifiable information about its customers to third-party trackers, including Facebook.
Ring is also offering customers the ability to opt out of having their information shared with advertisers. Platforms like Facebook, Google, and Twitter also allow users to refuse to have their information shared with advertisers. But this does not stop them from collecting that information in the first place.
A representative for the EFF told Recode the group was in favor of Rings new policies, but it does not think they go far enough.
These reforms come after a backlash against Ring for its recklessness in considering security concerns, and did not happen until after customers privacy and personal information were compromised, Matthew Guariglia, a policy analyst at EFF, said. Making two-factor authentication mandatory and offering more transparency and control over third-party trackers are steps in the right direction. However, we continue to express serious concerns about Rings fundamental problems of surveillance and enmeshment with law enforcement that threaten the larger community.
Users can opt out of data sharing in Rings Control Center, which the company introduced a few weeks ago. The control center lets account owners see and manage who has access to their accounts. There is also a section that lets users specify how and when law enforcement can access their Ring footage, including a new option that allows them to opt out of this entirely. Rings partnerships with almost 900 police departments across the country have been a major source of controversy for the surveillance product. Users have always had the ability to turn down police requests to see their footage, but now they can opt out of receiving police access requests from the start.
To opt out of third-party data sharing on your Ring app, go to the Menu (tap the three horizontal lines on the top left) > Control Center > Privacy information and control > Third-party service providers > Personalized advertising. Toggle the switch to disable.
Ring
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Share