Allow Email as 2FA Method

Ring’s new 2FA strategy is EXTREMELY DANGEROUS in that it puts people’s lives and property at risk for seemingly no legitimate reason.

Apparently, Ring is requiring the use of 2FA, but eliminating Email as a 2FA option (without providing any explanation to users).

Email may not be the most secure 2FA option, but it may be a far better option for many users than the two (undesirable) options Ring is attempting to force on users.

For example, anyone who knows anything about privacy/security knows:

  • It’s a bad idea to provide a mobile phone number to a company just because they insist you do so
  • It’s well documented that SMS text messages should NOT be used for 2FA purposes
  • It’s dangerous to install software on a device just because someone wants you to do so

Unfortunately, this is simply the latest example of a seriously anti-consumer decision by Ring. Although it may be good for Ring, it is definitely not good for its users. In fact Ring will, by definition, cause SERIOUS HARM to users if it eliminates Email as a 2FA option.

If Ring wants to require MFA, Ring should:

  • Expand the number of MFA options available (to four or more)
  • Explain all the pros/cons of each method, so users can make informed choices
  • Allow users to register multiple MFA methods

If Ring wants to show its utter contempt for its customers, it can continue to threaten to cut off access to hardware/services that CUSTOMERS HAVE ALREADY PAID FOR. Doing so, of course, would put people’s lives and property at SERIOUS RISK, for no legitimate reason (other than corporate greed).

Please allow Email to be used as a 2FA method. It’s the right thing to do. Thank you.

Completely agree. Removing email auth is part of a disturbing trend to force users into revealing their phone numbers and downloading apps we don’t actually need.

It’s also not a valid security decision, because email is a perfectly safe method of authentication for those of us with government or top-security email providers.

My guess is a product development manager with just enough knowledge of security to pass an opsec 101 exam thought it was a 200 IQ idea.

1 Like

Likely the reason is that people’s emails are constantly being hacked because they either use the same password in multiple locations or use easy to guess passwords.
Why would you do business with a company, one that’s providing you with security monitoring, and not feel comfortable sharing your phone number and/or using a security app to make your account more secure?
I personally use a password manager that can use TOTP for my 2FA for my Ring account, which is tons more secure than email or SMS. You might look into using one as well since at the same time you can make your various internet accounts more secure by using random passwords.

Oh boy, lot of assumptions to unpack here.

Firstly, you’re in favor of denying consumers the choice of which authentication they’d like to enable. Can you provide more information on why you feel consumers shouldn’t be able to decide for themselves the level of security they want, considering that all options are effectively secure for the average user?

Secondly, you’re assuming that most people are using the same passwords everywhere. Every service at signup encourage users to choose unique passwords. If they choose not to, that’s their own risk.

Thirdly, you’re assuming that enough users get their emails hacked that it’s simply unsafe to use email for authentication. Can you provide more information about how common that is?

Fourthly, you believe that your own personal preference for an authentication manager should apply to everyone. Considering that everyone has their own security-to-convenience balance preference, it’s pretty close-minded and arrogant to enforce your subjective wishes onto other adults.

Fifthly, you’re assuming everyone should be comfortable giving their phone number to Ring. Talk about hail corporate. Not everyone on Ring is the purchaser of the product. I didn’t purchase my cameras; my husband did. HE filled out a detailed order form including his phone number, not me. There is no reason for Ring to know my phone number. I don’t need to provide any reason stronger than that.

1 Like

I 100% agree with you, that it is a stupid idea to remove the option of having email 2FA completely.

I work at a government facility. I am not allowed to bring my mobile phone into the facility at all.

I work 12 hour shifts.

Removing the email 2FA option, means I will no longer have access to view my ring devices when I am away from home!! Which defeats the whole purpose of having cameras to monitor what is happening.

You don’t need to use a phone for 2FA. I use a web based password manager that support TOTP so I’m able to login using that, and not a cell phone. So you can continue to view your ring devices when you are at work.

Hey neighbors. Over the past year we have been making various efforts to ensure our neighbor’s safety when using their Ring products and services. In an effort to stay in line with industry’s best practices, Ring is phasing out email as a method of account verification as a part of Two-Step Verification, and the options that neighbors have now to log in are the SMS or an Authenticator App. If you are unable to use SMS verification, we recommend using an Authenticator App, which can be installed on a mobile device, PC, or laptop.