Verify Code when signing in via web browser

Is there any way to turn off the Verify code when signing in via a Web Browser?

Two factor authentication is turned off, but everytime I sign in via a Web browser I get asked to enter in an e-mailed code.

This is even asked when the web page times out and you have to log in again. I understand the reason for the code when signing in via a new web browsing session.

1 Like

With Windows 7 everything worked great, without having to enter a verification code every time. Windows 10 installed yesterday. Now I have to enter a verification code every time I use Firefox or Chrome.

Nothing to do with the os. It’s mandatory now. You’ll will always be asked for the 2 factor authentication code.

@Eagle328 wrote:
It’s mandatory now. You’ll will always be asked for the 2 factor authentication code.

If it is mandatory, what is the purpose of the option setting to turn on/off two factor authentication on the ring.com website?

Hey neighbors! @Eagle328 is indeed correct with how our 2SV codes that you get via email are mandatory right now. @Natey what you are referencing that you can turn on/off is going to be the 2FA code that you will get when trying to log into your Ring account from the app. You can learn more about 2FA here in our Ring Help Center Article, and this has a link to our Two-step verification 2SV that I have referenced as well.

It is one thing to provide an additional security/privacy method for account access. It is quite another to eliminate user control of their account features, and impose a long list of actions for _ every single access _ to the account, on the same computer, using the same browser, on the same day. This “mandatory” use of a 2FA-like feature requires 9 steps to log in… every time…

  • Browser -> https://ring.com/users/sign_in
  • Enter userid + password
  • Start email app
  • Wait for email arrival
  • Open email
  • Copy code
  • Switch to browser
  • Paste or type code
  • Press submit

I applaud additional features, but this was not well thought out, and the “mandatory” aspect may force a change to Nest or Arlo.

4 Likes

Thanks, neighbors. We appreciate your feedback (trust me - we hear you!!) and have passed along adding a trusted device feature to the appropriate team. We will certainly keep you posted on any new developments from the team!

@DNR do you have the option to set Two-Step Verification to Text Message? I personally found that to be a bit easier than what you described.

@Jennifer_Ring the text message alternative is just as onerous on my iMac using Safari. It still requires me to open another app, wait for the text, select-and-copy the code, switch back to Safari, paste the code, then re-enter the password (not retained by original submit), …

So basically, it is a new and unexpected punishment from Ring (after only having the Ring for a few months.) I am exceedingly disappointed in the (poorly considered) high-handed, approach to address only a potential security issue.

An appropriate approach might have been to add the feature, with default condition of “Enabled”, and allow the knowledgeable user to acknowledge acceptance of their own exposure when turning it off… I appreciate their concern, but a blanket “thou shalt” does not fit every user.

1 Like

Well said DNR.

Another point is that the weak link in username password systems is that a hacker might be able to get access to the email account to change the password. (Usually, if you or a hacker does not know the password, but he has access to the emai, he can ask for a password reset.) So, having the user check email to verify it is really “them” doesn’t really add any extra security. It mostly just wastes the time of the RING users to punish those who aren’t using 2fa codes. Worse, instead of giving a rare email notifying of access, one’s inbox is so flooded with ring emails one is likely to not pay any attention. (Banks will sometimes email you whenever anyone logs in.)

–Jason Arthur Taylor

I would like to add that in Gmail these repeated Verification codes are treated as one “Gmail Conversation” which is all in one message thread. The most recent email is threaded at the bottom of the list which is not even shown on the thread. Instead it is hidden under three little dots

…

If you’re knowledgeable enough to click on them your more recent verification code MAY be shown. However, since Ring takes its time sending the verification code (Surely you can pay AWS for a few more CPU’s?) the one you find at the bottom of the thread may be the penultimate code. Entering the penultimate code multiple times will get you locked out for 24 hours.

I understand that it is truly frustrating having embarrassing videos exposed online because consumers are too dumb to use strong passwords but if your solution is to make it impossible for paying customers to use your product then you’ve simply got no sustainable business. Come on folks! Cyota solved this for banks in 2005! And they handle MONEY. This looks like CyberSecurity 208 - 2FA project! Have some professional pride!

What a gift you guys are making to Netgear!

1 Like

Why not a checkbox to remember this PC, banks do it that way.

3 Likes

Even my Bank and Brokerage will ask the question “Should we trust this device” to eliminate having to deal with the verification code, every time. I would think their security would be adequate. It is enough for me to look for a different product/way. I think otherwise, I will not be so anxious to check my notifications, as I sit at my computer most of the day and I have to monitor three homes…

@jmcwilson1984 ,
@Onno
,
@Natey
,
@DNR
,
@jasontaylor7
,
@crisley47
,
@gwbuss
,
@fgcook
, and to others that read this post,

Let us all unite our voices concerning the current Two-Step-Verification process! You aren’t alone. This has been an ongoing issue across many other topic areas, just not in the Feature Request Board area. There are also many, many Two-Step-Verification posts across the entire Ring Community!

Ring has made some verification improvements. After you initially log-in verify, you don’t need to repeat this process on some Ring apps (smart-phone apps, Windows 10 apps, the Ring Community website, etc.) as long as you do not log-off. Thank you Ring! ? But still some areas, like the Ring website, still have this repetitive annoying issue (automatically logged-off after idle-time, and have to repeat this verification cycle).

Let your “Thumbs Up” be your vote to improve Two-Step-Verification method! Ring Teams notices Feature Request Board with higher Thumbs Up numbers, and therefore are more likely incorporate the request. I apologize if I missed some of the Two-Step-Authentication posts on this Feature Board, and I did not link to this topic already posted in other non-Feature Request Board areas (too many). But if you think this Two-Step Verification should be modified or tweaked to be more User-Friendly, CLICK ON EACH LINK below and THEN CLICK THE THUMBS UP icon of the submitting post author. Help make your Kudo Vote be heard! ?

https://community.ring.com/t5/Feature-Request-Board/Require-two-step-verification-only-for-unauthori…

https://community.ring.com/t5/Feature-Request-Board/Two-Factor-Verification-Ring-Community/idi-p/374…

https://community.ring.com/t5/Feature-Request-Board/Authentication-App/idi-p/28090

https://community.ring.com/t5/Feature-Request-Board/turn-off-2-step-verification-or-give-the-user-th…

https://community.ring.com/t5/Feature-Request-Board/quot-Remember-this-browser-quot-option-for-2FA-t…

https://community.ring.com/t5/Feature-Request-Board/Better-TFA-method-for-logins/idi-p/49229

https://community.ring.com/t5/Feature-Request-Board/Two-factor-authentication-Please-fix-it/idi-p/47…

https://community.ring.com/t5/Feature-Request-Board/Google-Authenticator-for-2FA/idi-p/51210

https://community.ring.com/t5/Feature-Request-Board/Turn-OFF-the-2FA/idi-p/35498

1 Like

Try it these days. It is even worse now. The email is just instructions on how to get a code by logging into ring on a trusted device, going through a bunch of steps to generate a code.

@Chelsea_Ring this is all ridiculous. I cannot have my trusted device (cell phone) with me at work. I work in a secured area where we cannot bring personal devices into. I also do not want to “trust this device” on a work computer. So Ring is now useless to me other than to record videos I can watch later instead of being able to check in at work and make calls if needed.