Amazon has announced that it has made two-factor authentication mandatory for its Ring doorbell.
It’s great to see well-known, consumer brands like Amazon making Multifactor authentication (MFA) mandatory, further emphasising the importance of added layers of security. A layered defence is a strong defence. With the proliferation of connected devices, smart technology is now prevalent in our everyday lives, and only requiring users to input a login ID and password risks hackers gaining access to users’ personal data.
Poor password hygiene, whether it\’s failing to change default passwords or using weak or repeated credentials greatly increases the chances of users being hacked. Every account with a password is a potential access point, and the only way to change people\’s habits is to educate and provide easy-to-use tools and apps. Multifactor authentication provides users with that extra layer of security, requiring them to verify their identity with factors such as biometrics and protecting them from the risk of weak or compromised credentials.
Bringing connected devices into the home shouldn’t make people feel unsafe. Smart Technology businesses would be wise to follow suit and ensure that multifactor authentication is required for all devices to further protect customer privacy and personally identifiable information. This will help to make connected devices more secure and ultimately, keep users safe from hackers.
The Ring hacks that went viral in late 2019 shed light on the importance of proactive IoT security and consumer awareness. While data breaches have desensitized most consumers, digital home invasion is indeed closer to home. As smart device adoption continues to grow, users must be vigilant to not only change passwords but to take advantage of advanced security settings. Integrating two-factor authentication as a requirement is a step in the right direction for Amazon – even more so as these recording and connected devices, from wearables to security become part of the consumers day-to-day habitual usage. Insecure, unmanaged and unsanctioned IoT devices have become a popular attack vector, not only at home but at work – with the potential to expose sensitive corporate resources. For the enterprise, the creeping tide of consumer devices in the workplace expands the attack surface and requires automated access enforcement. A Zero Trust framework of discovery, authentication, verification and segregation is foundational to mitigate these IoT risks.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics