Ring enables mandatory two-factor authentication and new privacy controls in response to scandals

From The Verge: Amazon’s home security company Ring is changing the way users log into their accounts to increase security and control privacy, the company announced today. Starting this week, Ring will mandate a second layer of security by requiring users to enter a one-time six-digit code sent via email or SMS whenever they try and log in to see the state of their indoor and outdoor cameras. The company which makes the popular Ring Video Doorbell is also introducing new options for users to control when their data is shared with other companies.

The changes are Ring’s latest attempt to overcome the privacy and security scandals that have dogged it in recent months. Last December, critics pointed out that Ring doesn’t warn users when a new device or browser logs into their account, and that two-factor authentication isn’t turned on by default. This means that if someone gets their hands on the password to someone’s Ring account (which is not outside the realms of possibility), they can potentially log in without the Ring owner having any idea. The costs of this could be high, since logging into an account can let you spy on people through their security cameras.

The new emails and SMS messages mitigate both problems. They let you know that someone is trying to log into your account (so you know to change your password if it’s not you), and the six-digit code they contain acts as an extra layer of security. It’s not a perfect solution since support for authentication apps or hardware keys would remove the potential for interception entirely, but it’s a big step forward from the company’s previous opt-in approach to 2FA.

The other change coming this week affects how Ring shares user data with other companies. Ring’s Control Center now lets you stop sharing your data with third parties used to create personalized ads. The company is also pausing data sharing with third-party analytics services while it works on a new opt-out option for the feature. Last month, a report from the Electronic Frontier Foundation found that Ring’s Android app contained multiple third-party trackers which sent out personally identifiable information to analytics and marketing companies.

View: Full Article