Amazon Enforces Mandatory 2FA For Ring, Effective Immediately

Ring Logo 2018 AM AH 1 2019

Starting today, Amazon is reportedly enforcing a mandatory 2FA for Ring account logins. That change comes alongside several others announced by the retail shipping giant, as well as some new security policies that will take effect later on.

While 2FA — or two-factor authentication — has already been optional for Ring accounts, that’s now going to be mandatory. As that implies, that means users will now need to input a code when logging into their ring accounts. The practice is no longer optional.

Following standard practices, that will be a one-time six-digit code. Amazon delivers that code directly via the users’ email or SMS inbox. Users will have the option to choose either delivery method, so they can pick the most convenient option. The code will be applicable to the primary and secondary Shared User.


What other changes are incoming for Ring, aside from 2FA

Aside from looking to address problems with illegitimate logins using 2FA, Amazon’s Ring division also opted to make some other changes effective immediately.

Those chiefly follow numerous reports about possible problems with consideration for data privacy. Among the most recent of those, Ring’s doorbells were recently found to be leaking data to Facebook and other companies without user consent or knowledge. More importantly, that information was being taken even for Ring users who didn’t have Facebook accounts, to begin with.

Now, Ring is working to give users new tools that will help manage third-party service providers. That includes opting out of third-party personalized advertising, which was a significant part of the abovementioned link. The more immediate impact of that is that Ring will now pause “most third-party analytics services in the Ring apps and website.”


Amazon hasn’t highlighted exactly which third-parties are being cut off. The company is holding the pause until it has given more options to opt-out of sharing to its users. The Amazon-owned IoT, connected security unit expects that to arrive at some point this Spring.

Whether or not that’s enough to stave off some of the negative publicity that’s surrounded the company and Ring in recent months remains to be seen.

Google Nest has already promised mandatory 2FA but on a different timeline

Amazon got the jump on its most prominent rival, Google’s Nest, with its decision to enable the 2FA requirement now. Nest plans to implement its own similarly-drastic requirement as early as this Spring. That will mean that both of the world’s biggest IoT and smart home platforms will require the authentication, with deeper controls in place, around the same timeline. But it also means that Ring users are caught unawares.


Prior to this announcement, Ring has made no indication that it would be altering policy to enforce 2FA as mandatory.  The user feature can be helpful in that it adds an additional layer to overcome to get into an account. But more determined bad actors can also spoof numbers or hack emails to overcome the measure with relative ease.

That doesn’t mean the new forced authentication is necessarily a bad thing. So long as Amazon follows through on its other measures too, the features should collectively make user data much more secure.