Today I’ve needed to log into my Ring account and I could not remember my password.
My significant concern is that I tried multiple times (over 5 attempts) in a very short space of time and at no point was my account locked because I attempted to login more than 3 times with the wrong password.
I know you can go to the web site and change your password but that is not the concern.
If anyone wanted to hack my account that holds personal details and activity at my home, a hacker could set up an algorithm to keep trying persistently until it found the correct password.
Ring as a security company are significantly lacking on account authentication security. I work in IT, I manage security incidents and know what is acceptable and what is not. This setup is not acceptable.
2 factor authentication can be enabled, yes, but many customers will not know what this is and would not have enabled 2FA.
This is basic account security to lock a customer's account after 3 incorrect attempts. Especially for a company that sells and provides security systems.
Thoughts from the community?
@Ringsupport. If you read this please raise an incident, escalate to team leads and ensure this is passed to your IT Security team. If you follow ITIL standards consider adding this to your risk register too.
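
The control the post asks for, sketched as an added example that is not part of the original post and is not Ring's code: a per-account throttle that locks after 3 failed logins. The class name, the 5-minute counting window and the 15-minute temporary lock (used instead of a permanent lock so that a third party cannot keep the owner out indefinitely) are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 3      # threshold named in the post
WINDOW_SECONDS = 300  # assumed: failures are counted over 5 minutes
LOCK_SECONDS = 900    # assumed: temporary lock of 15 minutes


class LoginThrottle:
    """Hypothetical server-side failed-login tracker, keyed by account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                  # injectable so tests can control time
        self._failures = defaultdict(deque)  # account -> recent failure timestamps
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock has expired: clear it and start counting from zero again.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        if self.is_locked(account):
            # While locked, even the correct password is refused, so a
            # guessing loop learns nothing from further attempts.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        now = self._clock()
        recent = self._failures[account]
        recent.append(now)
        # Forget failures that fall outside the counting window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            return "locked"
        return "denied"
```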