According to Engadget, Ring has undertaken to strengthen privacy and security. This follows industry criticism in the wake of cyberattacks that took place last year. The Amazon product is to start putting in place two-factor authentication for all users, in order for device owners to sign-in to their Ring accounts.
This means that each Ring owner will now be required to use a six-digit code (communicated to the owner via email or text message). This code becomes a requirement for the login process. This increases the baseline security for the popular home security product.
READ MORE: New technology to enhance the ‘smart home’
The move follows a decision by Google to introduce two-factor authentication for Nest devices, a move that was reported on by Digital Journal.
Two-factor authentication means that the user is required to input two forms of identification in order to verify that they are the actual device owner. Authentication factors include inputting things that only the user will be aware of, such as a piece of knowledge (something only the user knows like a name of a place), knowing about a possession (something only the user has), and a type of inherence (something only the user is).
Commenting on Amazon’s change of approach to device security, Pulse Secure CMO Scott Gordon tells Digital Journal about the background that led to the new approach: “The Ring hacks that went viral in late 2019 shed light on the importance of proactive IoT security and consumer awareness.”
Gordon also notes that consumers need to get more savvy about the potential risks from these types of devices: “While data breaches have desensitized most consumers, digital home invasion is indeed closer to home. As smart device adoption continues to grow, users must be vigilant to not only change passwords but to take advantage of advanced security settings.”
Speaking about Amazon’s specific move, Gordon says: “Integrating two-factor authentication as a requirement is a step in the right direction for Amazon – even more so as these recording and connected devices, from wearables to security become part of the consumers day-to-day habitual usage.”
This is necessary, Gordon explains, because: “Insecure, unmanaged and unsanctioned IoT devices have become a popular attack vector, not only at home but at work – with the potential to expose sensitive corporate resources. For the enterprise, the creeping tide of consumer devices in the workplace expands the attack surface and requires automated access enforcement. A Zero Trust framework of discovery, authentication, verification and segregation is foundational to mitigate these IoT risks.”
