Making Multi-Factor Mandatory
Ring just did it, and hopefully this trend continues to spread
On Tuesday, the leading manufacturer of “smart” doorbells, Ring, announced that going forward they will be requiring multi-factor authentication to use their family of applications. These applications allow you to not only view the live feed and recordings from your doorbell, but also neighbor’s Ring cameras that have chosen to allow access to as well.
Ring has been under massive pressure over the past several months as more and more people were able to access live feeds of not only doorbells on the outside of houses, but video feeds live and recorded from inside of people’s homes (and in some cases use the two way radio feature to talk to children in the user’s homes. Creepy). Voyeurs (and this is the nicest term I could come up with) had been able to gain access to unsuspecting people’s Rings thanks to simply knowing user’s usernames and passwords.
Unfortunately, gaining access to people’s usernames and passwords has been made easier by people using simple passwords and/or re-using the same password on multiple sites. The combination of insecure password practices has been exasperated by multiple high-profile data leaks by major retailers and websites over the past few years. If you are still using the same username and password that you used on Yahoo a few years ago as you do on your Ring or other accounts, chances are someone has access to that information. If you’re wondering if your login information from a site has been leaked in the past, be sure to check out https://haveibeenpwned.com/.
This is where multi-factor steps in. Even if you use the easily guessed or re-used passwords, people looking to gain access to your Ring will now need to get access to the unique 6-digit time-sensitive code that Ring will send you when you attempt to log in. This practice is done several different ways by different companies. Some will text/email you the code, others require you to use a special free app like Google Authentication, and others still give you the option to use a physical item like a USB stick to help protect your account. Ring has chosen to use text messages, which some people consider not as secure as the others but is still significantly better than username and password alone.
Ring did have a multi-factor option before, but it was optional. Multiple studies show that if security is optional, most people do not opt in. Thankfully now they have made it mandatory, which hopefully more sites and services will start to do as well.
Ring is of course not the only site that offers multi-factor protection, but I think that them requiring it after being in the news so prominently the past couple of months, will cause the term to be more widespread. In fact, nearly every major site and service out there offers multi-factor options to their customers, it’s just sometimes hidden or not as obvious. This website, Two Factor Auth List, does an amazing job of maintaining an ongoing database of all the sites and services that offer Two (or Multi) Factor Authentication. Banks, Social Networks, Retail, etc. You can search the for the site, or just peruse categories to see what’s available.
While secure and unique passwords for each site is extremely important, multi-factor (in whatever form it takes) is a major key to ensure that your information and life on the internet is secure.
Stay safe out there.
