Multi-factor authentication using SMS is the least secure

noruse · April 23, 2021, 6:20pm

Hello.

When are we getting the option to use an authenticator app or a physical security key for the MFA?
The SMS option are still the least secure way of MFA out there.

SMS are not encrypted
SMS codes are vulnerable to phishing
You are in need of a phone service, which can down or out of reach.
SMS will most likely not get any more secure .

I see peoples have been asking this question a while now, but not much have been done as far as I can see/ find info about.
So for a company who are in the security business it dont give a very good commercial value I think.
Please get some of your tech guys on this and come up with a safer solution.

regards Rune

estmatic · February 12, 2021, 11:54pm

Case in point, the issue on Jan 23 where T-Mobile users couldn’t receive the 2FA token for 7 hours.

Tom_Ring · February 15, 2021, 3:50pm

Thank you for your feedback, @noruse. At Ring we value your security and your safety. While 2SV cannot be turned off, you can pick between text message or email verification codes, whichever is easier for you. In addition, we allow for a Remember Me option from the browser when using Ring.com, and if you are logged into your Ring app on your phone and open the app at least once every 30 days, it should keep you logged in. Check out our Community post about account security for more information. As we always value our neighbors’ feedback, I will ensure that this experience and your feedback is passed onto the appropriate teams here. Thank you, neighbor!

danyg · July 30, 2021, 8:02pm

Except the email option is now being taken away.

Leaving SMS as the only option is a joke and clear data grab by Ring/Amazon. Even Facebook came around to adding an authenticator app as an option. If Ring is truly concerned about security they’d do the same.

As the OP said, SMS is the least secure way to do 2FA.

onstar · July 30, 2021, 9:37pm

Ring won’t even send my wife a verification code via email because she hasn’t logged in for nearly 1 year. They want to do a device verification or a utility bill verification. WTF? We moved and are setting up a new house, and my wife cannot log into her account unless she has access to the old device at the old house (we have no access to that) or unless we provide a utility bill from the old house (we also don’t have this b/c we were living with family and all utility were under their names).

Someone really dropped the ball on the authentication process.

Marley_Ring · August 12, 2021, 6:36pm

Hey neighbors. Over the past year we have been making various efforts to ensure our neighbor’s safety when using their Ring products and services. In an effort to stay in line with industry’s best practices, Ring is phasing out email as a method of account verification as a part of Two-Step Verification, and the options that neighbors have now to log in are the SMS or an Authenticator App. If you are unable to use SMS verification, we recommend using an Authenticator App, which can be installed on a mobile device, PC, or laptop.