Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

2nd factor Authenication added to the login process

Hello,

 

I tried to search for this idea, but didn't see anything.

 

I would like to see 2nd factor authenication options added to the login process.

 

Thanks

Comments
The lack of multifactor authentication for Arlo app and website logins is absolutely engineering negligence. This is an out of the box feature in every major software framework and should be considered an egregious lack of security due diligence. Trivial access to large scale username and password dumps for a majority of the 200 million or so of the US adults have been common place for several years and are being used to compromise IoT devices by novice bad actors at an accelerating rate. I understand minimizing user friction is important but if it is made as an optional feature this is a non-issue in my opinion. It is already supported by every major app and website development framework so the decision to not offer it was either gross negligence or was mandated by a c-suite individual with zero understanding of the current cyber security ecosystem. If this feature is not implenented I will remove all Arlo hardware and cease service subscriptions and actively recommend the same to anyone using or considering using Arlo hardware or services. I understand the value prop is low for already purchased hardware but the damage to the brand would offset that signicantly as the average user becomes more security aware and competitors offer MFA as the norm.
JCIT15
Novice

Implementing 2FA/MFA is not a hard task to do. This should be an out of the box feature/requirement for any application that has accounts involved. I will not be using any Arlo products any further until proper security measures are in place. Security cameras are a SECURITY device. This should involve just as much cyber security, as it does physical security. Especially when you are storing video recording of our ourselves, and our families in "the cloud". Cyber-criminals for years and years have been known to be hacking into home security devices for the sole purpose of spying/voyeurism. For the love of God Arlo... implement at least the basic security control for us (MFA via Arlo phone app, or another authenticator like Google Authenticator/Authy). MFA via SMS is not secure anymore, but heck, that would be 10000 times better than no MFA at all. 

 

Not having MFA on the user side makes me extremely worried about the security controls on the Arlo side. Are you guys even effectively securing our data, and our video clips in the cloud? Do you have proper identity & access management controls in place? MFA on your critical systems? Servers hardened? Firewall? IDS/IPS? SIEM/SOC? Email protection to prevent phishing/malware attachments sent to your employees? Do you have penetration tests carried out to test your security posture? etc etc. I REALLY HOPE YOU DO....

JCIT15
Novice

2FA/MFA via a mobile phone app is a must. This is video clips of myself and family being stored in the cloud. MFA isn't difficult to implement. It should've been a top priority years ago - especially since we know that cyber-criminals target insecure security cameras to spy on people. This makes me think about how well Arlo is making cybersecurity a priority at their cloud/infrastructure level where all of our video recordings are stored (IDS/IPS, Firewalls, Identity & Access Management, MFA on their systems, hardened systems, SIEM/SOC, etc). I am going to stop using Arlo until security is taken seriously. MFA via a phone app for our accounts is a must.

gzafra
Follower

I'm really surprised there is no 2FA in a IoT service like this. This is a bit scary to be honest. I was considering upgrading my Arlo system at home but this is a big drawback 😞

Fwim
Novice
Any plans to implement two-factor authentication for home portal logins? As it stands, all Arlo users are easy targets for at least a couple of reasons.

If someone with ill intent decided to brute force an account, they could view a users camera(s), and gain total control of the system. Additionally, when logging into this site, entering a password incorrectly results in the rather tell-tale message “Error: wrong password” which is quite useful for hackers who then know they have a working email address, and simply need to continue trying passwords. A quick visit to the portal login, and voila, you’ve got someone viewing your home, family, workplace, etc.

Unauthorized access to an email, or social media account can be damaging. Having your home security camera compromised could potentially be many orders of magnitude worse. The collective customer base’s privacy is at stake here, one of the very things many of us hoped to protect by purchasing an Arlo system, so please consider the aforementioned concerns if you haven’t already.

Thank you for your time.
Arlouser52058
Novice

Dear Arlo support, this is 2019 and accounts get hacked all the time. Arlo users need the following security features on their accounts:

1. Multi-Factor Authentication

2. Login History that tracks IP addresses, device type, timestamp etc.

3. Notifications via email or push when someone logged in into your account and an audit trail of what was changed

 

I am seriously concidering returning the system due to lack of basic account security features.

Locutus73
Apprentice

Almost 3 years since the original post and still no 2FA???

This is a basic, indispensable requisite for a security system.

Please fix this (I won't say implement it, since it's not a feature, it's a prerequisite)  ASAP.

 

Thank you in advance.

Best regards.

Marcus_A
Onlooker

And it's up. It is in the new app. Keep the old one, install the new, login and remove the old one.

It's not TOTP, but sms/mail/app, so good enough.

JessicaP
Arlo Employee Retired
Status changed to: Implemented

We appreciate everyone's patience regarding having the Two Factor Authencation feature enabled for the login process. This feature is now available on the web client on your computer and on the Arlo app, which you can download from the iOS App Store or the Google Play Store.

 

For more information about the new Arlo app, feel free to read more about it here: Arlo is migrating to a new Arlo app this month

For more information about two-step verfication, read more about it here: What is two-step verification and how do I set it up?