Ring makes two-factor sign-in mandatory for its video doorbells, security cameras

The Amazon-owned maker of smart doorbells says it's tightening privacy and security.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
2 min read

Ring is also letting users opt out of sharing some data with third-party companies. 

Chris Monroe/CNET

Ring on Tuesday said all customers will now be required to use a second layer of verification, also called two-factor authentication, when signing in to accounts. The move comes after a series of incidents last year in which hackers took over Ring cameras in households around the country, and as the Amazon-owned company has faced scrutiny over its security measures

With the update, customers will receive a one-time code via email or text message that must be entered in addition to a username and password when they log in to a Ring account. This applies to any shared users on an account, Ring said. The change will start rolling out to customers Tuesday. 

Amazon bought Ring in 2018 for a reported $1 billion. The maker of smart doorbells and security cameras has helped expand the retail giant's smart homes push, but it's also attracted criticism from cybersecurity experts and privacy advocates. By partnering with police departments across the US to offer free or discounted video doorbells, the company has helped build a surveillance network that blankets communities with cameras. 

Ring said Tuesday that it's also making changes to how third-party companies access Ring users' data, including "temporarily pausing the use of most third-party analytics services in the Ring apps and website," and letting people opt out of sharing info with third-party companies that serve up personalized ads. 

Despite the announcement, a Gizmodo reporter found that Ring's website was still mining visitors' location data in its source code. The data, however, is being used only to determine if a visitor is coming from California or the EU, which have a different set of privacy laws that require different versions of the website. 

Watch this: Here are all the smart products Ring showed off at CES 2020

16 smart doorbells to watch over your front stoop

See all photos

Originally published Feb. 18, 8:14 a.m. PT.
Updates, 2:15 p.m.: Adds that Ring's website was still mining visitor data; Feb. 20: Clarifies that the location data that Ring's website tracks is used only to determine if the visitor is from the EU or California, which have different privacy laws that call for different versions of the site.