How to make your Ring smart home system more secure - and why you need to do it right now
It is safe to say that Ring, the smart home and video doorbell company owned by Amazon, has had a bad month.
Numerous reports have been made of home security cameras being hijacked and viewed by strangers, including one in which a stranger spoke to an eight-year-old child. Ring's security practices have also been questioned.
But instead of rolling out extra layers of security for Ring owners to enable, or making heightened security like two-factor authentication a mandatory requirement for all Ring account holders, the company says its customers' poor cybersecurity practices are to blame.
In response to multiple reports of Ring cameras being 'hacked,' the company wrote a blog post explaining that its services had not been compromised. The company explained, "Unfortunately, when people reuse the same username and password on multiple services, it's possible for bad actors to gain access to many accounts."
Next, a report by Motherboard branded Ring's security as "awful," and pointed out how there are no safeguards in place to raise a red flag when someone is seen logging into a Ring account to view a camera thousands of miles from where the camera's owner says they live.
It is also possible for people in multiple countries to log into one Ring account and view the cameras together without the app becoming suspicious or asking everyone to confirm they are the account holder.
Logging into a Ring account and viewing a camera from a foreign country, using a phone or tablet that has never been used by that account before, also fails to raise any alarms. Logging into other web services like this, from the likes of Google and Apple, prompts a security check or contacts the account holder to check it's them.
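The three missing checks described above (an unfamiliar device, a login far from where the owner says they live, and several countries on one account at once) can be expressed as a short login-review routine. This is an added example, not Ring's code or anything from the reports cited; the account, devices, coordinates, thresholds and event fields are all constructed for illustration.

```python
import math
from datetime import datetime, timedelta

# Constructed sample data: the home location each account holder registered (lat, lon).
HOME = {"alice@example.com": (40.71, -74.01)}
# Constructed login events, in time order.
EVENTS = [
    {"account": "alice@example.com", "time": "2019-12-01T08:00:00", "device": "phone-A", "country": "US", "loc": (40.73, -73.99)},
    {"account": "alice@example.com", "time": "2019-12-02T19:30:00", "device": "phone-A", "country": "US", "loc": (40.70, -74.00)},
    {"account": "alice@example.com", "time": "2019-12-03T03:10:00", "device": "tablet-X", "country": "RO", "loc": (44.43, 26.10)},
    {"account": "alice@example.com", "time": "2019-12-03T03:25:00", "device": "phone-Y", "country": "BR", "loc": (-23.55, -46.63)},
]

def miles_between(a, b):
    """Great-circle distance in miles between two (lat, lon) points (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 3958.8 * math.asin(math.sqrt(h))

def review_logins(events, home, max_miles=1000, window=timedelta(hours=1)):
    """Return {event index: [reasons]} for logins that should trigger a step-up check."""
    trusted, recent, flagged = {}, {}, {}
    for i, ev in enumerate(events):
        acct, when = ev["account"], datetime.fromisoformat(ev["time"])
        known = trusted.setdefault(acct, set())
        reasons = []
        if known and ev["device"] not in known:  # the first login sets the baseline
            reasons.append("new device")
        if acct in home and miles_between(home[acct], ev["loc"]) > max_miles:
            reasons.append("far from home")
        # Countries seen on this account inside the time window, other than this one.
        active = {c for t, c in recent.get(acct, []) if when - t <= window}
        if active - {ev["country"]}:
            reasons.append("concurrent countries")
        recent.setdefault(acct, []).append((when, ev["country"]))
        if reasons:
            flagged[i] = reasons
        else:
            known.add(ev["device"])  # only unflagged logins make a device trusted
    return flagged

if __name__ == "__main__":
    for idx, why in review_logins(EVENTS, HOME).items():
        print(EVENTS[idx]["time"], EVENTS[idx]["device"], "->", ", ".join(why))
```

A flagged login is where a service would ask for a second factor or notify the account holder before showing any camera feed.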
On December 19, Buzzfeed News reported that a publicly accessible database with the login details of over 3,600 Ring users was discovered. The data included their email addresses and passwords, as well as the names of their cameras, which are often named after the rooms they appear in, like 'bedroom' or 'kitchen'. The database appeared to have been stolen from Ring.
With access to this database, an attacker could log into the Ring accounts, watch live feeds from the cameras, and speak to their targets. They may also be able to view weeks of saved footage, depending on the Ring customer's payment plan.
Ahead of the report being published, Ring contacted all users who appeared in the database. An email stated: "During a recent investigation by our security team, we identified that the email address and password of one of your external accounts was exposed in a data breach."
The email then repeated Ring's earlier explanation of how people use the same credentials repeatedly, and when one is compromised, other accounts can be accessed. This is known as a credential stuffing attack, where stolen login credentials are repeatedly and automatically used to try to log into other accounts, like a Ring account.
How to enable two-factor authentication and better secure your Ring account
Two-factor authentication is a system in which your email address and password are insufficient to log into your account. Instead, when you provide the correct address and password, the Ring app will text your phone. This text contains a unique code, which you must enter in the app to log in.
When setting up your Ring account, two-factor authentication is presented as a security option. Still, if you skipped that step, you can activate it in the app, something we strongly suggest everyone do immediately.
To set up two-step authentication with Ring, follow these instructions:
- Open the Ring smartphone app
- Tap the three-lined icon in the top-left corner
- Tap on Account
- Tap on Two-factor Authentication under the enhanced security tab
- Tap where it says 'Turn on Two-factor'
- Enter your password when prompted
- Enter the mobile number you want the aforementioned security code to be sent to
- A six-digit code will be sent to your phone. Enter this in the app when prompted.
- Tap Continue
You should probably also consider changing your Ring password, which you can do in the Account Settings page.
To avoid a credential stuffing attack, you should always use a different password for every account you create. A password manager can help you create new, secure passwords and remember every one you have created. You should also consider using a physical security key.