Ring Announces New Security Protocols After Customer Complaints of Account Hacks

The security company is making two-factor authentication mandatory and is considering allowing users to opt out of sharing their data with third-party companies.

• By Haley Samsel
• Feb 20, 2020

In response to highly publicized complaints from customers about their Ring cameras being hacked, the Amazon-owned company announced new security protocols on Tuesday that will make their products more secure for customers.

Ring is now making two-factor authentication mandatory for all users when they log into their accounts. Each time a customer logs in, the company will send a code through an email or phone number associated with the account. The six-digit code -- which many consumers have become familiar with through other websites -- will add an extra layer of security to Ring accounts, making it harder for hackers to gain control of the account and its devices.

“Your account safety and security is our priority,” Leila Rouhi, the president of Ring, said in a statement. “We will stay vigilant and continue to give you more transparency and control over your devices and personal information, and help keep your home and Ring account secure and protected.”

In addition to the mandatory two-factor, Ring pointed to steps it had already taken to make accounts more secure. Since December, users have been notified with each new login attempt, which can help customers figure out if the login is coming from a suspicious source.

The company also addressed criticisms that it was sharing user data with third-party marketing companies, a fact discovered by security researchers last month. Those third parties included Facebook. Now, Ring says that it will “temporarily” pause the use of “most third-party analytics services in the Ring apps and website” while the company works on ways to allow users to opt out of data sharing.

Users can also opt out of sharing information with third parties for the “purpose of receiving personalized ads” through the app’s Control Center. Future changes to opt-out policies will be communicated to Ring customers through email.

Ring’s critics say that the steps are still not enough to address their central critiques of the company, which have often centered around Ring’s close relationships with nearly 1,000 law enforcement departments across the country. Through the app, police departments can request video footage from users who live close to where a crime took place.

Privacy advocates have said this process eliminates any outside oversight of the footage, and that Ring has essentially used police departments as marketers to community members. The U.S. House Committee on Oversight and Reform sent a letter on Wednesday requesting documents and information about Ring’s police partnerships, escalating the debate over the initiative.

“Ring has done precious little to address the broader threats to privacy that their devices enable,” William Budington, a technologist for the Electronic Frontier Foundation, told The New York Times.

The company (and outside security experts) encourage users to set a strong password that is not shared among other online accounts in order to ensure account security. In addition, the Times noted, “a company’s data security practices should be a major consideration when shopping for a security product.”