Yesterday Ring announced that two-factor authentication will now be required for all user accounts. While that's a good start, it's not enough. The company can and should do more. The truth is that it is catching up with another surveillance camera company: Nest. If you have to make a decision, you should trust Nest Before Ring, and here's why.
Security cameras that you put in your home are frankly a scary affair. Think about it ̵
Nest, on the other hand, has already found the problem. The company has implemented (or will implement) several features that Ring lacks, such as: B. IP logging, password strength requirements, verification of password violations and prevention of a fast login attempt.
Google knows where you are thanks to IP logging
May not recognize it, but websites do know where you are. Your IP address shows this information each time you visit a website. Most websites don't track where you are normally.
Google does, however. If you always sign in from Washington DC, but suddenly jump to Florida or China in half an hour, Google will notice this attempt to sign in and treat it as suspicious. It notifies you and prevents you from signing in until you can confirm that it is you and not someone who is trying to sign in with a password from a corrupt database.
This is a feature that Google first introduced for Google Accounts (for Gmail, Google) calendars, etc. has recently provided the feature for Nest accounts.
Ring is not currently checking your IP location for suspicious activity. This is due to the fact that bad actors were able to log into other users' ring accounts (unless luckily they were always very close to the victim).
The company did not mention the feature in its latest update regarding privacy and security changes. And that is a shame because it would make a big contribution to fixing the problem.
Ring allows you to use any password, no matter how weak
The first barrier to your account is your password, and it's surprising to see that you can use anything with Ring. To make sure, I created a new account today that I can use "password" for my password. This is the weakest password in the world, and no website, let alone a security company, should allow it.
The worst thing is, Ring knows that the password is weak. You can see in the screenshot above that Ring says "Password" is weak. Still, I could use it anyway. If you saw someone standing in front of a truck, you wouldn't just say, "Hey, that's a bad idea." They would keep them from making a terrible mistake. However, Ring doesn't prevent you from using a terrible password.
Nest, on the other hand, checks your passwords for basic requirements and doesn't let you use easy-to-guess passwords in the standard style. It feels almost silly to praise Nest for this fact because it's the bare minimum that a security company should do, but Nest and Ring don't, so we're here.
Nest Checks For Broken Passwords
So Long While We're Throwing Truth Bombs At You, here's one more thing: Someone has already compromised the single password you used for your email, Adobe, Disqus, Dropbox, Tumbler, and xkcd use. Multiple times. If you use the same password everywhere, you should stop. Please get a password manager.
But we can repeat this fact until the end of time, and people will become people and will continue to use passwords. So the next best thing is to protect people from themselves. Nest checks your current username and password for known database violations. If a match is found, you will be informed and your password will be changed.
This prevents hackers from logging into your account with credentials that they found on another website due to poor security. Unfortunately, Ring does not check your passwords for database violations. If you're using a compromised username and password combination, you'll need to find out and fix the problem. We recommend checking HaveIBeenPwned if you haven't already.
Nest uses reCAPTCHA to prevent fast login attempts.
If a hacker doesn't do this If you know your password, you can try to guess it. One way is to provide hundreds or thousands of passwords with a bot, hoping to get a hit. However, this doesn't work with Nest (or Google) accounts.
Nest has already implemented reCAPTCHA on its login page. You have probably seen it before. If you've ever had to select "all crosswalks" or "all hydrants" from a grid, this is reCAPTCHA. The basic idea is that it is a test that "only a person" can solve. It also slows login attempts, even if a bot somehow passes the test.
In theory, this should prevent bulk login attempts from eventually guessing your password. Unfortunately, Ring does not have such protection. This allows bad actors to guess until they understand it correctly (especially if you have a weak password that allows ring).
Both offer two-factor authentication, but you're better off with Google.
As of yesterday, Ring requires two-factor authentication. From spring onwards, Nest will also need it for its accounts. Ring is a bit ahead of Nest, but that's not the whole story.
In both cases, you’ll need to enter a unique PIN to log into your account. For Ring, you will receive this by email or text. Email is the only option for Nest. Single use codes sent by email or text are better than nothing, but it's not the most secure version of two-factor authentication.
If you want more security, you should use an authentication app that is tied to your phone. With codes sent by text or email, the bad purchases only have to jeopardize your accounts. With an authentication app, however, they would have to steal your device (and at this point, surveillance cameras are the least of your problems).
This is important because when you migrate your Nest account to a Google account, not only do you get more security than Nest currently offers (which is more than a ring), you can use your authentication account with an authentication app to back up.
Google believes its accounts are so secure that, by contrast, Nest doesn't require two-factor authentication, but we think you should turn it on if you have surveillance cameras.
It's a matter of the heart
We haven't even talked about the difference in products yet, but if you want our opinion, we think Nest cameras are better than ring cameras. Integration with other Nest products (such as the Nest Hub) is much tighter than the integration between Ring and Amazon Echo products.
But even if Nest and Ring cameras were exactly the same in terms of quality, you should still go ahead with Nest.
While Ring quickly blames its customers for security problems and is slow to implement solutions, Nest (and Google) have implemented solutions quickly and have been slow to blame customers.
In the rare cases where something happened. As with poor integration between Wink and Nest, the company took responsibility and quickly worked to solve the problem. This is exactly the behavior you expect from your security camera manufacturer.
Nest's actions show that it works hard to earn your trust and secure your accounts. And Ring's actions feel like the bare minimum. When the selection is clear, choose Nest before Ring for your surveillance cameras.