New mandatory 2 factor authentication

Ring is getting sued as a result of a user getting hacked. So they put together a solution that no one gcan get past easily not even a valid user.

4 Likes

To me? A real pain every time I need to check my cam. I’d reather take my chances since I don’t use ring inside my house. I truly hate this feature

7 Likes

it’s a pain in the butt. Give me a choice.

7 Likes

Clean out the house by the time you get the code.

3 Likes

Probably used “0000” as a password.

1 Like

Still should be a choice. You don’t choose it and get hacked, your bad.

5 Likes

We appreciate all neighbor feedback and will continue to send it over to the team. Thanks & have a nice weekend!

@Jen - please pass along the following as well:

* The process of entering 2FA in the community is different than on the regular site. The community site asks you for your username and password, and after you click Sign In, it then removes the password and asks you for it again and your 2FA code. Ring.com site asks you for ursername and password, and after sign-in, it then asks you for the verification code only - you do not have to reenter the password.

* Please add options for offline code genratiion like Google Authenticator

* Make this optional but enabled as default

Thank you.

2 Likes

Yepp, @su_A_ve , very familar with the process as well (it is how we log in too!). I’ll start to explore different options for logging on to the Community. Consider it officially on my ‘To-Do’ list :slight_smile:

1 Like

The odd part is that the behavior is different in ring.com or shop.ring.com than it is here in the community.

Adding Google Authenticator (or order offline one time codes) as an option is probably another story but definitely something you want to look at.

1 Like

I hate it. Only have cameras outside as well. I want the choice - pain in logging into the community, too. What will a hacker get in the community? Email address (use a free unique email only for Ring - dead end for hackers) and a username, or answers to questions? Unless Ring had no security on their side to separate the two areas of camera recordings and community chat? That situation is NOT a user issue but a design issue - the community should be okay with UN/Pswd combo… The line drawn on first login is acceptable but still a pain but then no more should be needed. Ugh… (As owners of Ring, Amazon should be better than that if they hold govt cloud contacts… Ring should be as secure in their cloud) Please allow the choice for users in all areas but it is also a fair expectation that Amazon provides a secure environment on the cloud side for users without 2FA. (Don’t put it on the customer)

3 Likes

Hi neighbors - we hear you & will work on updating what we can for the Community. Please be patient as we take your feedback into consideration and make any appropriate changes. Thanks.

_ Please note, for now I am updating and accepting this post as a solution. This is a helpful way for other neighbors that come into this thread to view our most recent response. Thank you._

@Ring,

I have network security in place to address the Ring vulnerabilities.

How do I completely (email and SMS) disable 2-step authentication? I do not want 2-step authentication…Twice I have followed these steps and the system reverts me to email 2-step and does not disable it!
If I cannot disable it - I assure you that you will lose my business. Your battery-powered devices and offshore reps have repeatedly failed me! It is absurd that when a network password is changed that the Ring user has to spend 15-20+ minutes PER RING DEVICE to REInitiate a connection. My professor is a long-term leader at ADT…

https://support.ring.com/hc/en-us/articles/360024818291-Using-Two-Step-Security-Authentication-with-Your-Ring-Products

6 Likes

Sorry @RingFailedMe , of the confusion. We are working on getting the Help Article updated asap. At this time, neighbors are required to take two steps to verify their identity during a login attempt. We have sent over any and all feedback to the team. We will certainly keep you posted on any new developments from the team. Thank you!

1 Like

It’s a real pain in the butt to have to have a verification code sent out everytime I go onto this site, why is that? I have to get one to access my account on Ring, even tho I already have to enter my password and user ID, plus it’s saved in my computer, than I have to do it again when I acesss this community site. Too much.

8 Likes

Log-in to Ring.com…get an text message for validation and ONLY one minute to verify. Log-in to the community forums, SAME PROCESS, SAME OVERLY SHORT TIME-LIMIT! If I managed to log onto Ring.com and pass your security requirements c

don’t you think that I should also be able to log onto the forums.

Or is your web-site still insecure? Your actions in requiring a second log-on are not giving me the warm fuzzies. Or hasn’t this occurred to you

3 Likes

This is terrible. I have had to enter these codes over a dozen times in the past two hours as I do routine management and maintenance of my multiple lcoations and devices. Seriously, this has me on the verge of selling the whole pile of stuff. Moreover, I have two-factor explicitly disabled in my profile yet the setting seems to be ignored.

In case any Ring product manager has really thought about this, they should consider that users like myself may not have reliable SMS across all the locations so that does not work. I already have to carry multiple cell phones as a result. Having to wait for an email to arrive, especially with spotty Internet access and accounts that have other email issues is unrelaible especially in an urgent situation. Next, the current implementation does not seem to fingerprint access correctly so it requires an email exchange in my case for EVERY LOGIN.

While I worry a lot about Internet security, this is an infantile, poorly thought through way to implement higher security for Ring users and accounts. THIS MUST BE RETHOUGHT AND REMOVED UNTIL THEN.

4 Likes

You said that you heard us and are working on a solution to your self- inflicted wound. Did you poll your users, or was this a knee-jerk response to a percieved problem manufactured be the media? The idea of inconviencing thousands of users (probably fewer since enabling TFA) because of a few idiots, they being the same ones who use the default passwords on their router, make the news over something that is their own fault is ridiculous. I hate to tell you guys, but Darwinism is alive and well. Have you never heard that engineering’s goal is to make something ■■■■■ proof, nature’s goal is to make a better ■■■■■, and nature is winning.

How hard is it? Force the new user to use a password that is not in the dictionary when setting up the account. You could set TFA as a default but allow the user to disable it. I cannot go through this every time I need to check my ring. The idea that I only need to log into the app once on my phone or tablet is nice in concept, if the app was not such a power suck, requiring me to close the app or walk around plugged into the charger. It is bad enough that I have to wait minutes (on a 100 Mbps line) to see what triggered the alert, I now have to wait to get an email on my tablet to allow me to see what happened. Yeah, it works really great to answer the door 2-3 minutes after it rings. That works wonderfully for my disabled spouse who cannot get to the door in time, the whole reason we bought Ring in the first place. If I am out of town, notification to my phone or email is useless to her. It is my understanding that setting up shared users means that we both get the notifications and TFA requests.

3 Likes

This mandatory 2 factor check is a major pain in the butt.

5 Likes

I want the ability to SKIP two step ANYTHING because its simply a pain.

5 Likes