Optional two factor identification

I hate the two factor identification so much. I am this close to cancelling my account because it is such a pain to login. Does anyone like it? My cameras show my front porch and yard, everyone can see my front porch, I’m not even sure why it requires a password, let alone two step identification.
Please make the two factor identification optional!

Yes, I prefer working with a company that looks out for my account’s security by providing multi-factor authentication. It is really the wave of the future with so many hackers out there trying to access your accounts. If your financial institutions and email accounts don’t offer 2FA you should find ones that do.
I don’t have to repeatedly enter 2FA on my phone app, why not use it if you have a cell phone?

1 Like

So the OP is asking to have Ring remove 2FA??

That’s not going to happen. 2FA is the basic level of security for any account these days. A password is a given… I wouldn’t consider ANY service that did NOT provide 2FA. Most companies REQUIRE 2FA.

Your cameras showing publicly-viewable shots is not a good reason to ignore basic account security. It’s sort of like saying “I’ve got nothing to hide, so I don’t mind someone from the government or a big corporation seeing and knowing everything about my life.”

If a hacker accesses your account, they can do a lot of damage.

Read up on 2FA. It’s not really inconvenient, and in today’s society, is a basic requirement for online accounts.

You’ll get used to it!

I’ve joined this community because I also want to turn off the new 2FA access methods on my Ring. I don’t want a text message and I don’t want to use an authentication app. It’s a lame new feature, it takes longer to access the camera and you’re going to give more of your personal information to Amazon. Had I known this feature was to be added, I would not have chosen Ring 2 years ago. Is this feature request, to disable or make optional 2FA, going to be added in the next 6-9 months? I’d like to plan either to renew or research other door cameras who offer fuss free, high quality HD feeds, and isn’t going to force me to provide my data.

While 2FA may be important to access account and payment details, then the existing 2FA via email is adequate (no issue here). It is not important to me when accessing the camera and playback. I care about being able to see feeds and use information quickly. If there is a concern about hackers seeing my video feeds, then provide an audit report and basic alerting of new devices and location/country outlier reporting.

1 Like

Where from a security perspective I understand the 2FA feature, the way it is implemented by Amazon is really rude. I do not understand what the people of this company think or how their design and development process is working. But almost everything they make has a lack of logic and usability. While they are may be one of the best funded teams in the world, they are the winners to set thing up in the most frustrated way

1 Like

2FA via email isn’t the best in security since people like to recycle passwords. So if a hacker has your email password and your Ring password then they’ve got control.
I’m not sure why 2FA is such a burden, but on my phone, once my Ring app is setup I don’t have to enter 2FA every time I access it. Also, when I access my dashboard on Ring.com I selected the option for Ring to remember the browser and from then on I only have to enter username/password.
Also, I use a password manager that support TOTP so I don’t user email, SMS, nor an authenticator app.

1 Like

I have to use that stupid code when I try to login on this community pottal. If there is another OTP option, like the one generated locally that would be great. But I do not have that option. So, I have to run through the ridiculous logon cycle when accessing the community portal

2fa should be optional and ring should not assume every user is security ignorant. Further, before you assume what level of security is required, you need to perform a proper risk analysis and then impact assessment.

Lets do a theoretical impact analysis on a “hacker” getting access a basic door bell camera.

  1. Bad actor could change settings of the doorbell / camera.
  • Could lead to the doorbell / camera not functioning properly.
  1. Bad actor makes changes to access control.
  • Could lead to you being locked out of your account.
  1. Bad actor has access to case the premise or conduct surveillance on people.
  • Could lead to your house being burglarized.

Yes, two of the three are mild annoyances and the third could be a real potential but I would still argue that 2fa should be optional.

What other damages do you believe is possible?

Inexperienced UserA uses same username and password for their Ring account as their BigStoreOnLine account. BigStoreOnLine database is stolen and now hackers access UserA’s Ring devices. Hackers could learn location of UserA. Could figure out when UserA isn’t home. Or even if UserA is home to cause physical harm or even worse, kidnapping. Sound farfetched? Probably, but it could happen.
2FA should not be optional as then everyone would turn it off, including UserA. 2FA is a minor burden considering the ramifications that could lead to actual harm to someone.

Make two-factor authentication an option.

Right now, I feel that two-factor authentication is a case of Ring Corp. playing CYA.

I clear cookies/caches constantly. I have the Ring app on 2 ipads, one cell phone and ring.com on my desktop pc. Two-factor authentication is extremely INCONVENIENT for me. I use my landline or my desktop computer for almost anything I do.

I am not a person who is physically attached to a mobile phone. Most of the time, my phone is turned off and in my purse, in a closet, in another room, on another floor of my house. My cell phone is only turned on when I am in the car… driving.

BTW, for people who only have the Ring app on their phone, two-factor authentication just isn’t logical. Play it out. What do they physically have to do? They are simply going from one app (Ring) to another app (text and/or email) on the same device.

My vote is to request 2FA be optional. Every time I sign-in from a browser, I am prompted for 2FA, and the use of “remember me for 30-days” has no effect. I really like my new Video Doorbell Pro 2. Thank you.