Home Security Cameras From Top Brands Lack Basic Digital Security Measures
Many models donāt offer two-factor authentication or robust privacy policies, Consumer Reports finds
When you shop through retailer links on our site, we may earn affiliate commissions. 100% of the fees we collect are used to support our nonprofit mission. Learn more.
You buy a security camera to keep your home safe, but is your camera keeping your privacy and data safe? CRās Digital Lab evaluates digital products and services for how well they protect consumersā privacy and security.
After six weeks of testing that included evaluating more than 70 privacy and security criteria on 26 cameras, our experts found that nine security-camera brandsāBlue by ADT, Canary, D-Link, Eufy, Honeywell Home, Logitech, Toucan, TP-Link, and Zmodoāstill lack two-factor authentication, a more stringent security measure than using just a single password to log in.
Thereās no good excuse for not offering it. āTwo-factor authentication is an easy-to-implement second layer of authentication that, when enabled, can stop some hackersā attacks immediately, protecting users' accounts,ā says Cody Feng, CR's test engineer for privacy and security. Many manufacturersā privacy policies also do a poor job of detailing exactly how they use the data from their customersā cameras.
Two-factor authentication helps prevent cameras from being hacked by sending users a temporary, one-time passcode via text message, email, or phone to use in addition to their password for logging into their accounts. Itās a safeguard against credential stuffing, a tactic where hackers use usernames and passwords from data breaches to log into accounts.
Tougher Privacy and Security Tests
This year, CR weighed 10 key criteria more heavily than in the past. āWe believe these are essential for consumer protection,ā says Maria Rerecich, the senior director of product testing at CR.
These security measures include two-factor authentication, automatic software updates, a visual indicator light that lets you know the camera is active, and email notifications for when a user logs in from a new device or IP address.
Many brands do a good job of adopting these security measures, and most earn a Very Good rating for data security in our tests. But there is definitely room for improvement.
For data privacy, we examine privacy policies and other documentation to see whether manufacturers disclose how they collect your data, who they share your data with, whether they attempt to minimize data collection, and whether consumers have a way to request copies of their data or ask for it to be deleted.
āOur evaluation for data privacy leans heavily on companies explicitly stating how they are using, storing, and sharing consumers' data,ā says Rerecich. āSince wireless security cameras capture and transmit sensitive data from inside a consumer's home, we have adjusted our scoring methodology to more accurately reflect the shortcomings of these privacy policies.ā
As a result of our scoring change, no camera model now receives a data privacy rating higher than Good, which is the middle of our ratings scale.
The Gaps in Two-Factor Authentication
Consumer Reports reached out to the nine brands that donāt offer two-factor authentication and asked if and when they plan to implement it. We received responses from these seven companies:
ā¢ Blue by ADT will add multifactor authentication before the end of the year.
ā¢ Canary will add it soon.
ā¢ D-Link is planning to add the feature to its mobile app before Christmas 2020.
ā¢ Eufy is starting to deploy two-factor authentication in the U.S. now.
ā¢ Honeywell Home is looking into ways to add it.
ā¢ Logitech says the feature is being āactively developed.ā
ā¢ TP-Link is ātargetingā a release for the feature in Q4.
The cameras in our ratings that currently offer two-factor authentication are made by Amazon, Arlo, Blink, Google Nest, Ring, Samsung SmartThings, and Wyze. At the time of our tests, none of the camerasāexcept Samsung SmartThingsāprompted you to enable the security feature. Rather, the feature was buried in the camera appās settings.
But both Blink and Ring have since made changes to the feature so that now, both, along with Samsung, have two-factor authentication via email by default, which CR would like to see all brands do. Additionally, Samsung is the only company that prompts users to enable two-factor authentication via text message (which we consider better for the user) when they set up a camera.
āWeāre glad to see these companies provide an extra layer of protection, and we hope more companies follow their lead,ā says Feng.
Though many of the cameras lacked two-factor authentication, most offered a number of the other nine security features we looked for in our tests. As a result, most of the 26 models we evaluated receive a Very Good rating for data security.
There are two standouts: Arlo and, again, Samsung SmartThings. Models from both brands receive an Excellent rating for digital security. Google Nest cameras earn a Very Good rating, a drop from their Excellent rating last year, due to CRās tougher data security scoring.
Poor Privacy Policies
To evaluate a companyās data privacy practices, we pour over its privacy policy, terms of service, customer FAQs, and other documentation to rate how thorough the company is in disclosing how it uses consumers' data.
āInscrutable privacy policies are the norm, unfortunately,ā says CR's Brookman. āCompanies are required by law to have a privacy policy, but the law doesn't really require much in the way of detail or specificity, so a lot of companies try to get away with saying as little as possible.ā
We also rate how well companiesā stated privacy policies protect consumers.
Eight companies earned a Good rating, the highest score any company received. Of those, Google Nest stood out for doing the best job disclosing what user data it shares and with whom, though it doesnāt offer good tools for obtaining and deleting your data, nor does it try to minimize data collection.
Top Cameras From CRās Tests
These are the top six wireless security cameras from our ratings. All offer strong data security and good data privacy, as well as impeccable video quality.
For more ratings and reviews of more models, check our wireless security camera ratings and buying guide.
Clarification: This article has been updated with information about D-Link's plans to implement two-factor authentication and information on brands that have started offering two-factor authentication by default since we conducted our tests.
