As I stated in another Feature Request, Ring needs to:
- Expand the number of 2FA options
- Explain all the pros/ons of each method, so users can make informed choices
- Allow users to register multiple 2FA options
Requiring the use of 2FA, then forcing users to choose between one of two options is an anti-user strategy. When you look at the various categories of 2FA options in existence, it makes no sense to limit customers in this manner.
As forum member actualsecurityknower pointed out in another thread, everyone has their own security-to-convenience preferences. In fact, I suspect that individual users probably use different 2FA (and/or MFA) options in different situations. Obviously, there is no “perfect” 2FA option. Thus, each user should be allowed to decide the 2FA choices that are best for them.
For those customers who like to use physical security keys for 2FA purposes, I would like to see the following types of 2FA options available:
- YubiKey Fido2 options
- YubiKey TOTP options
Also, please note that in the Ring mobile app, the current “nag screen” strategy is truly obnoxious and puts people (and property) at risk for seemingly no legitimate reason. One has to wonder how many Ring customers have hurriedly grabbed a device to check the Ring app when they heard scary noises and/or an alarm sounding… only to be stopped/delayed by the nag screen. Why is Ring refusing to explain why email is suddenly being dropped as a 2FA option? Why do customers have to suddenly “drop everything” in their lives to accommodate Ring demands? Have the accounts of customers who use email as a 2FA option been breached, as a result? If so, why weren’t the affected customers notified immediately?