Arlo|Smart Home Security|Wireless HD Security Cameras

Make PC as a trusted device for 2FA

I use 3 devices to access my Arlo cams. My phone, my tablet and my PC. It isn't possible to add my PC to known devices for the 2 step verification process. Every time I try to access my cams via my PC, I have to get the code from my phone and enter it in my PC. Would be much easier for PC users to have the capability to list the PC as a known device. 

Comments
dcfox1
Master

Yes PC can not be a trusted device but Arlo recently made it optional so you can turn 2FA off next time you log in. It is the web page settings for 2FA in your profile. They are working on making a PC trusted device. 

madkiwi
Luminary

Thank you. Wish that was explained in the authentication email! 

 

Or anywhere else...

auwilliams
Fledgling

https://community.arlo.com/t5/Arlo/Repeated-forced-login/m-p/1722855

 

This is a continuation of the above problem, which was not fixed but marked as solved to avoid issuing a patch.

 

I work on my computer and rarely use my cell phone. As such, I have a dedicated computer monitor for my Arlo streams as enhanced home security which should never be disconnected. Arlo does not support this and not only forces the web client to log out after a short amount of time, but requires 2FA EVERY TIME you want to sign back in.

 

My questions:

1. If Arlo is so security-minded, why have they not heard of "trusted devices" before?

2. What solution do you give people wanting to continuously stream their devices?

3. What good is the website when I have to grab my phone every time to use it?

 

🤦‍♂️

 

I will not be buying more Arlo devices because they are subpar for home security and I have been recommending people away from your brand for the reasons above. Arlo does not allow me to watch my security cameras due to this egregious security theater. I'm hoping this can be resolved so the devices I already own don't need to be sold to buy a better brand.

StephenB
Guru

FWIW, Arlo decided not to mandate 2FA until they had the ability to trust a PC browser.  So it is possible to turn off 2FA until they roll out that feature.

dcfox1
Master

@auwilliams  Also since it is a battery system Live stream times out after 30 minutes to save the battery if one forgets as it would drain the battery faster with long term Streaming. It is not a CCTV system. I have not got logged out as long I was steaming unless I closed the tab. But that is the same with any secure log in site once you close tab or browser. 

auwilliams
Fledgling

@StephenBThanks, I would mark this as the thread solution but it looks like we've been merged. I have disabled 2FA until this gap in security has been fixed.

 

@dcfox1I understand, but those are arbitrary limitations for security equipment. I cycle through cameras which preserves their batteries and they are in easily-replaceable locations. I will write JavaScript to automatically sign me back into my Arlo account every time it forcefully signs me out.

krisLB77
Novice

Your 2FA/MFA should keep record of known devices and ONLY require 2FA when a request is made from an UNKNOWN device AND a browser session should be allowed as a recognized device!  Adopt web standards beyond 1993 that actually enhance the UI/UX for your customers.

 

These constant workarounds because of a poor UI are laughable.  Stop making your users jump through hoops to do simple things.

dcfox1
Master

@krisLB77  Why don't you just it it off until they make a PC a trusted device. 

yphrumnz
Fledgling

Thanks for the thread it looks like a temporary work around for what I would prefer.

I prefer two factor authentication for the first time I use any device. Then choose whether to make this device a trusted device.

I don't want to have to set and reset two factor authentication. I want to add my PC as a a trusted device - one I do not need to have 2FA every time I log on. Also have the opportunity to check in at a different device but not make it trusted.

JessicaP
Arlo Employee Retired
Status changed to: Implemented

Many Arlo users expressed concerns with the original implementation of Two-Step Verification due to its lack of trusted browser support. We have been working very hard to address these concerns and are excited to announce that trusted browser support will be included before resuming these requirements. This will allow users to trust web browsers for 14 days when enabling Two-Step Verification so that authentication is not required for every login when using that web browser.  Most popular browsers such as Edge, Chrome, Safari and Firefox are supported. 

 

For more information on how to set up Two-Step Verification and trusted browser, please visit the following article: What is two-step verification and how do I set it up? and What is a trusted browser?

 

Thank you,

Arlo Team