Ring, the video doorbell maker dubbed the “largest civilian surveillance network the U.S. has ever seen,” is rolling out new but long overdue security and privacy features.

The Amazon-owned company’s reputation was bruised after a spate of account breaches in late 2019, in which hackers broke into Ring user accounts and harassed children in their own homes. Then, taking advantage of Ring’s weak security practices, hackers developed bespoke software to brute-force the passwords on Ring accounts, which at this point were only protected by the user’s password. All the while, there were several caches of Ring user passwords floating around the dark web. Ring initially blamed its users for using weak passwords (like “password” and “12345678,” which Ring allowed users to set as passwords), but a couple of months later the company acknowledged its failings by rolling out mandatory two-factor authentication by text message. It was a good start, aimed at making it more difficult — albeit only slightly — to curb the bulk of automated account hijacks.