I hate the two factor identification so much. I am this close to cancelling my account because it is such a pain to login. Does anyone like it? My cameras show my front porch and yard, everyone can see my front porch, I’m not even sure why it requires a password, let alone two step identification.
Please make the two factor identification optional!
So the OP is asking to have Ring remove 2FA??
That’s not going to happen. 2FA is the basic level of security for any account these days. A password is a given… I wouldn’t consider ANY service that did NOT provide 2FA. Most companies REQUIRE 2FA.
Your cameras showing publicly-viewable shots is not a good reason to ignore basic account security. It’s sort of like saying “I’ve got nothing to hide, so I don’t mind someone from the government or a big corporation seeing and knowing everything about my life.”
If a hacker accesses your account, they can do a lot of damage.
Read up on 2FA. It’s not really inconvenient, and in today’s society, is a basic requirement for online accounts.
You’ll get used to it!
I’ve joined this community because I also want to turn off the new 2FA access methods on my Ring. I don’t want a text message and I don’t want to use an authentication app. It’s a lame new feature, it takes longer to access the camera and you’re going to give more of your personal information to Amazon. Had I known this feature was to be added, I would not have chosen Ring 2 years ago. Is this feature request, to disable or make optional 2FA, going to be added in the next 6-9 months? I’d like to plan either to renew or research other door cameras who offer fuss free, high quality HD feeds, and isn’t going to force me to provide my data.
While 2FA may be important to access account and payment details, then the existing 2FA via email is adequate (no issue here). It is not important to me when accessing the camera and playback. I care about being able to see feeds and use information quickly. If there is a concern about hackers seeing my video feeds, then provide an audit report and basic alerting of new devices and location/country outlier reporting.
3 Likes
Where from a security perspective I understand the 2FA feature, the way it is implemented by Amazon is really rude. I do not understand what the people of this company think or how their design and development process is working. But almost everything they make has a lack of logic and usability. While they are may be one of the best funded teams in the world, they are the winners to set thing up in the most frustrated way
3 Likes
I have to use that stupid code when I try to login on this community pottal. If there is another OTP option, like the one generated locally that would be great. But I do not have that option. So, I have to run through the ridiculous logon cycle when accessing the community portal
1 Like
2fa should be optional and ring should not assume every user is security ignorant. Further, before you assume what level of security is required, you need to perform a proper risk analysis and then impact assessment.
Lets do a theoretical impact analysis on a “hacker” getting access a basic door bell camera.
- Bad actor could change settings of the doorbell / camera.
- Could lead to the doorbell / camera not functioning properly.
- Bad actor makes changes to access control.
- Could lead to you being locked out of your account.
- Bad actor has access to case the premise or conduct surveillance on people.
- Could lead to your house being burglarized.
Yes, two of the three are mild annoyances and the third could be a real potential but I would still argue that 2fa should be optional.
What other damages do you believe is possible?
2 Likes
Make two-factor authentication an option.
Right now, I feel that two-factor authentication is a case of Ring Corp. playing CYA.
I clear cookies/caches constantly. I have the Ring app on 2 ipads, one cell phone and ring.com on my desktop pc. Two-factor authentication is extremely INCONVENIENT for me. I use my landline or my desktop computer for almost anything I do.
I am not a person who is physically attached to a mobile phone. Most of the time, my phone is turned off and in my purse, in a closet, in another room, on another floor of my house. My cell phone is only turned on when I am in the car… driving.
BTW, for people who only have the Ring app on their phone, two-factor authentication just isn’t logical. Play it out. What do they physically have to do? They are simply going from one app (Ring) to another app (text and/or email) on the same device.
2 Likes
My vote is to request 2FA be optional. Every time I sign-in from a browser, I am prompted for 2FA, and the use of “remember me for 30-days” has no effect. I really like my new Video Doorbell Pro 2. Thank you.
2 Likes
My parents are elderly. Two factor authentication is too difficult for them. There should be a way to disable this feature.
2 Likes
I mostly enjoyed the product until the forced request for two-step verification. I do not wish to supply my cell phone to RING or install some additional verification app on my tablet or cell. I can understand giving a verification option, but not being forced to adopt it for the sake of tech trends. I certainly use two-factor for banking purposes, but my motion monitoring does not fall under that category for me. I was perfectly happy with how things worked before you started forcing this change. In addition, not allowing the email option is also a bad move on your part. At this moment I recommend people don’t get RING products and I am beginning to contemplate dropping RING monitoring for myself. I currently bypass the request to setup two-factor verification, but it is a hassle to do so each time and is making me wish I had not been an early adopter/supporter of RING.
3 Likes
I primarily use the web site to check my camera. I don’t like being forced to use two-factor authentication. I fully understand the security implications. But it’s a camera, not a bank account. It should be my choice. Why can’t I turn it off?
And I really resent being forced to re-authenticate on the web site every month.
3 Likes
The need to constantly re-authenticate (the promised 30-day retention is very unreliable) is EXTREMELY ANNOYING. My wife often looks at the Ring dashboard but doesn’t have MY phone with her, so she has to call and ask me. These browsers are in our home and pose ZERO security risk, so what is the alleged upside to have 2FA be optional? I see NONE. This is just a ridiculous and unforgivable oversight on the part of Ring and makes me question whether I want to continue to use your equipment and service. This is a BIGTIME dealbreaker and I’ve seen LOTS of other users with the same complaint/request. PLEASE MAKE THIS RIGHT!
3 Likes
TFA is making the ring useless in my club. There isn’t a phone for it to go to!!! REMOVE TFA!
1 Like
Why not enable 2FA by default, but allow the owners of these devices to disable the 2FA feature?
This current setup simply doesn’t work as by the time you’ve tried to access the video, mucked about waiting for the 2FA code to arrive, navigated back to the Ring app and entered it, the person at the door has gone.
This implementation of 2FA was obviously managed by someone who doesn’t actually use the product in the real world.
If I knew that you were going to lumber me with this nonsense, I would never have purchased your product, or at the very least, avoided the crippling update that you sent out.
2 Likes
I’m an IT consultant, and I have to say requesting ring make 2FA optional is a very bad idea.
2FA makes the account very secure, and in a world where people constantly fall for phishing scams, use simplistic or otherwise easy to guess passwords, it’s absolutely paramount to have this in place. Without this we would be seeing accounts getting compromised quite regularly, and then people would be moaning about their privacy having been infringed when the reality is it’s their own poor security practices that have caused the account to become compromised to begin with.
I see it all the time, accounts with no 2FA get compromised. It happens constantly. When 2FA is enabled this simply doesn’t happen, so you should absolutely want this enabled.
If you use the ring app on your phone you aren’t constantly challenged for 2FA, so I’m not really sure what the big fuss is over. If you don’t use the app then it takes all of about 5 seconds extra to log in, is that really that big of a deal for ensuring your account can’t get compromised?
100% 2FA needs to be optional. Or they need to redevelop their idea of how it is implemented. The button “stay logged in for 30 days” is crap. It is NOT 30 days and not even close.
And it’s ironic that anytime I need to see a camera really quick is the time it logs me out and wants to 2FA. Instead my phone goes flying across the room. It’s stupid. I am in IT and I get the security part of it, but this system is like a “beta system” and isn’t ready for real life. Come on Ring, get with it. Never had this issue with Nest. And I am not a fan of Nest cameras, but I am getting close to either replacing all my Ring with Nest or some other system - all based on how this 2FA works.
Yes it is that big of a deal.
please consider an option to disable 2 step verification on the ring app and every time logging in on pc and mobile app its driving me crazy!!
I have just got a ring video doorbell today and the amount of times I have had to have a code sent to my phone number to log in is really annoying
This is a perfect example why I don’t give IT consultants any IT decision making capabilities in my company. 2FA was introduced to deflect PR heat when news leaked that lax internal security at Ring allowed their customer service to spy on and share out customer video feeds. They also use it to gather more of your personal and relationship data.
2FA may be useful if I have my Rings indoors and want the extra security, but given Rings track record, I don’t use Rings for that purpose.
Look, when I signed up, 2FA didn’t exist and worked for us. So when they added this feature that I don’t want it, it’s a hassle and the feature should be made with a disable option.
Ah so you’re one of those are you, the sort that only learn the hard way when their company/customer data has been stolen because they’ve failed to implement basic security measures to protect that data. That or had thousands of pounds stolen due to phishing scams when an employee has been tricked into logging into a fake site and had their credentials stolen due to not being protected with MFA. These are things we see daily (I work for an IT service provider, and manage thousands of environments). So what might seem like an inconvenience to you (it’s really not, it’s a first world problem), is actually a critically important security measure. I tell you what is an inconvenience though, when it does happen, the loss of money, reputational damage and outright embarrassment that you’ve allowed your customer data to be exposed and failed to take simple steps to protect it. Your company would get a GDPR fine if this happened in the UK.
Please share the company name so we know to avoid it.