Ring Doorbell Makes Two-Factor Authentication Mandatory After Complaints
Ring, an Amazon-owned video doorbell, recently implemented two-factor authentication as its default security setting. This new authentication occurred after the company received multiple complaints from its users. Previously, all a hacker would need to access a customer’s doorbell footage was their username and password.
Many people use the same login details for multiple applications. Without two-factor authentication adding another layer of identification to the username and password, all a hacker would need was common login details to gain access to user data. Those details could then be used on other platforms to access even more sensitive information.
Making this problem even worse, Ring was sharing its customers’ data with third-party companies, such as outside analytics firms. The data being shared was also easily personally identifiable, making it a ripe target for hackers. Customers weren’t aware that their data was being shared with other parties, which increased the risk of potential data breaches and certainly didn’t comply with the current General Data Protection Regulation (GDPR).
To amp up security protocols, Ring has now made two-factor authentication mandatory. Now, after users enter their username and password, they are prompted to check their text messages or email to receive a six-digit code to log in and see their video footage.
To address additional complaints about data sharing, Ring has also temporarily paused sharing with most third parties until it can figure out how to have customers opt in or out.
Companies now develop and use so many applications that ensuring security on all of them is a gargantuan task. IT departments and security experts who are already working with tight budgets may find it difficult to thoroughly evaluate the security of all their applications. This scenario makes it easy for some applications to fall through the cracks and miss receiving extra protocols, such as two-factor authentication.
Penetration testing is a service offered by security companies to ensure every single application is protected by multi-factor authentication. Even if an IT department can handle penetration testing internally, getting a second opinion and approaching a problem from multiple angles is key in cybersecurity. Hackers are crafty and diverse; make sure application security is tested by professionals who are knowledgeable and equally as diverse.