Ring’s latest security updates are good, but still opt-in

Ring, the video doorbell maker dubbed “The largest civilian surveillance network the US has ever seen.” Is rolling out new but long overdue security and privacy features.

The Amazon-owned company’s reputation was hurt after account breaches in late 2019 in which hackers broke into Ring user accounts and Children tortured in their own homes. Then, taking advantage of the rings advantage weak security practicesHackers developed bespoke software Enforce Password Brutally On Ring accounts, which at this time were only protected by the user’s password. At all times, there were multiple caches of Ring user passwords floating around on the dark web. ring at the beginning blame its users To use weak passwords (such as “password” and “12345678”, which Ring allowed users to set as passwords), but a few months later the company rolled out mandatory two-factor authentication by text message. He accepted his failures by getting out. It was a good start, intended to make it more difficult – though only slightly – to prevent the bulk of automatic account hijacking.

But now Ring is going a step further by rolling out app-based two-factor authentication, which many companies already offer (and have for some time) because it uses two-factor code using an encrypted connection. Offers more secure delivery. For text messages, which are susceptible to interception.

Ring is enabling CAPTCHA to add another constraint to its apps, which aims to make automated login attempts more difficult, by helping users prove they are not robots.

Also announced is the launch of video end-to-end encryption, which Ring first introduced as a technology preview earlier this year. One of Ring’s most spectacular (though highly controversial) features is allowing users to directly share video footage with the more than 1,800 local police departments that partner with Ring. That said, police with a search warrant can always ask for footage from Ring. Video end-to-end encryption will mean that any video captured from a Ring device can only be accessed by the account owner – not Ring, or any of its law enforcement partners.

Ring CTO Josh Roth said in a blog post That Ring believes that “our customers should control who sees their videos.” If this were true, Ring would have turned on end-to-end encryption for all users, giving each account owner privacy by default. But it would interfere with the company’s efforts Expand your police involvement, which in turn helps in getting the Ring device in the hands of the local residents.

Compared to previous security updates, which weren’t nearly enough, Ring’s new features make meaningful changes that give users the option to make their accounts more secure and their data private. But the keyword is “like”, because users have to opt-in to the new features. This in itself is not unusual; Companies rarely enforce security changes on users for fear that it will add friction to the user experience, although recovering from account hacks is undoubtedly worse due to poor security controls.

Switching to app-based two-factor authentication is easy, just with Rings. go to account settings And switch from a code sent by text message to a code provided by an authenticator app. We have a full explanation of why this is important, why you should use an app, and which apps you’d like to use.

But the biggest change that Ring users can make is: Enable end-to-end encryption on your accounts through the advanced settings of Ring’s Control Center. Switching to end-to-end encryption won’t stop you from sharing what you can with your account or video footage with friends, family or the police, but it will give you peace of mind knowing that you’ll have control over your data and what you do with it, and not Ring.

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories