Ring App
2FA Needs Work.
Sending 2FA via text only is insecure. Please permit users to use an app for 2FA codes. Also please allow users to store a device for upto 30 days so as to not require repeated 2FA auth on a computer for example. I'm glad 2FA is now permitted but this is one of the worst implementations I've seen in several years of companies permitted this feature.
4225 •
0 •
20 •
15-12-2019 03:37:23
Responses (6)
- B
Constantly having to login in the communties page every few hours with 2 factor is painful
•2
16-12-2019 05:40:53
•
ENot on my phone. I hit post, sign in screen pops up filled out. Then text arrives, copy by simple tap, and paste code done. Rather have the added protection. Takes a few seconds more.
•0
16-12-2019 05:43:25
- C
NIST.gov deprecated SMS based 2-factor back in 2016 -- see [https://www.schneier.com/blog/archives/2016/08/nist\_is\_no\_long.html](https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html)
•1
16-12-2019 05:45:18
•
- M
One prob is delayed text messages, common on TMO. I just tried to enroll in 2FA and didn't get a code for a couple of minutes. Both Google and Microsoft have authentication apps that are easy to use (produce same codes) and produce instant codes that don't rely on text messages.
•1
30-12-2019 03:09:28
•
MMuch of the time I do also receive texts notifications from credit cards when I use them. But others ocassionally get delayed unpredictably. It started a couple of years ago and there are threads on TMO's support site about this and a worse problem of calls being sent directly to voicemail with no ring. It happens with various phones: Apple, Android and even some sold by TMO. They changed their network during a big expansion and my guess is it was inadvertently introduced into some network setting then. They have never never really acknowledged it other than the lower level support people apologizing but not actually solving the problem. I cured mine almost completely by reseting my phone's SMS network settings by trial and error. That cured the problem almost completely, but it still happens sometimes.
•0
30-12-2019 03:44:27
YI agree with the above poster that we need to be able to use security keys such as the yubikey. Plus like the OP sai, 2FA by SMS is woefully inadequate. If Ring really "cares" about security and privacy they wouldn't hesitate to implement more secure 2FA options. And to give us complete control over our privacy and security options.
•0
06-02-2020 09:23:17
- R
Agreed. Not only that, it requires surrending more personal information to Ring... your cell phone number. This implementation is known to be hackable and yet Amazon/Ring seems to think it's a good idea. Maybe fine for people with dumb cell phones and no fears. Using an authicator app to generate one-time passwords is really not that hard. Provide a better 2FA option. ASAP.
•1
21-02-2020 10:13:04
•
Didn't find an answer ?
Log in or create your Ring account to post a question and join in the on the conversation.
Community Resources
Most Helpful Members
View All
©2024 Ring LLC or its affiliates
SecurityNerd
Agreed. In the age of SIM Jacking, texting codes is a miserably poor attempt at 2FA. Better is tokens like the YubiKey Security Key, FIDO2, U2F, or even Google Authenticator.
1
16-12-2019 12:02:27
•