Arlo|Smart Home Security|Wireless HD Security Cameras|NETGEAR

2nd factor Authentication added to the login process



I tried to search for this idea, but didn't see anything.


I would like to see 2nd factor authentication options added to the login process.



The lack of multifactor authentication for Arlo app and website logins is absolutely engineering negligence. This is an out of the box feature in every major software framework and should be considered an egregious lack of security due diligence. Trivial access to large scale username and password dumps for a majority of the 200 million or so of the US adults have been commonplace for several years and are being used to compromise IoT devices by novice bad actors at an accelerating rate. I understand minimizing user friction is important but if it is made as an optional feature this is a non-issue in my opinion. It is already supported by every major app and website development framework so the decision to not offer it was either gross negligence or was mandated by a c-suite individual with zero understanding of the current cyber security ecosystem. If this feature is not implemented I will remove all Arlo hardware and cease service subscriptions and actively recommend the same to anyone using or considering using Arlo hardware or services. I understand the value prop is low for already purchased hardware but the damage to the brand would offset that significantly as the average user becomes more security aware and competitors offer MFA as the norm.

Implementing 2FA/MFA is not a hard task to do. This should be an out of the box feature/requirement for any application that has accounts involved. I will not be using any Arlo products any further until proper security measures are in place. Security cameras are a SECURITY device. This should involve just as much cyber security, as it does physical security. Especially when you are storing video recordings of ourselves and our families in "the cloud". Cyber-criminals for years and years have been known to be hacking into home security devices for the sole purpose of spying/voyeurism. For the love of God Arlo... implement at least the basic security control for us (MFA via Arlo phone app, or another authenticator like Google Authenticator/Authy). MFA via SMS is not secure anymore, but heck, that would be 10000 times better than no MFA at all.


Not having MFA on the user side makes me extremely worried about the security controls on the Arlo side. Are you guys even effectively securing our data, and our video clips in the cloud? Do you have proper identity & access management controls in place? MFA on your critical systems? Servers hardened? Firewall? IDS/IPS? SIEM/SOC? Email protection to prevent phishing/malware attachments sent to your employees? Do you have penetration tests carried out to test your security posture? etc etc. I REALLY HOPE YOU DO....


2FA/MFA via a mobile phone app is a must. This is video clips of myself and family being stored in the cloud. MFA isn't difficult to implement. It should've been a top priority years ago - especially since we know that cyber-criminals target insecure security cameras to spy on people. This makes me think about how well Arlo is making cybersecurity a priority at their cloud/infrastructure level where all of our video recordings are stored (IDS/IPS, Firewalls, Identity & Access Management, MFA on their systems, hardened systems, SIEM/SOC, etc). I am going to stop using Arlo until security is taken seriously. MFA via a phone app for our accounts is a must.


I'm really surprised there is no 2FA in an IoT service like this. This is a bit scary to be honest. I was considering upgrading my Arlo system at home but this is a big drawback.