- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Admins closed as resolved/implemented the discussion about the 2 factors authentication, because it's implemented in the iOS/Android app, but what about the web app and the API https://developer.arlo.co ?
I guess most attacks will use those surfaces and not smartphone apps.
Securing half of the system is no security at all.
Thank you in advance.
Best regards.
- Related Labels:
-
Online and Mobile Apps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Locutus73,
The two-step verification works with the web client on your computer as well. You can read more about the two-step verification here: What is two-step verification and how do I set it up?
For the link you provided, that is from a training management software company, which is not affiliated or related by us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@JessicaP Ok, the link (documentation) is from an external company, but the APIs exist (and is yours), can be used (I use them every time for integrations, i.e. changing mode or setting off the siren from HomeKit) and are very nice... but are APIs protected by 2FA (I really don’t know, I’m asking)?
If I was an hacker trying to compromise some account I’d try using API and scripting.
Thank you in advance.
Best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just made some tests and
- Old authentication API doesn't work if we activate the 2FA (but still works without enabling it)
- New authentication API lets register iOS/Android phones/tablets as trusted devices (not requiring further 2FA), but it doesn't (still) have a mechanism for trusting the web app, so users are required to confirm the login on the master iOS/Android device each and every time they access from the web
This way third party integrations require either
- Disabling 2FA for the used account (usually a separate account from the master)
- Enabling it and somehow mimic an iOS/Android device in order to be trusted and blessed forever
- Wait for a mechanism in order to trust web app and mimic it
Thank you in advance.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
I've been using a nodejs script with my arlo account to automatically download images from the cameras.
Now that my account has been forced to turn on 2FA, my scripts have stopped working.
Has anyone figured out how to get a RESTful APi client to work with arlo's 2FA?
Thanks,
Bobby
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
I created a second web account but it looks like they force you to turn on 2FA and I don't see a way to turn it off.
Are you aware of a way to turn off 2FA?
Thanks,
Bobby
-
Arlo Mobile App
565 -
Arlo Pro 2
11 -
Arlo Smart
168 -
Before You Buy
974 -
Features
411 -
Firmware Release Notes
57 -
Google Assistant
1 -
IFTTT (If This Then That)
24 -
Installation
1,121 -
Online and Mobile Apps
865 -
Service and Storage
317 -
SmartThings
37 -
Troubleshooting
6,130