Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

Reply
Discussion stats
  • 13 Replies
  • 4421 Views
  • 0 Likes
  • 5 In Conversation
Nighthawk117
Star
Star

I was using tech support and gave access to my account by changing the password.   Had done it times before no problem.    But now Arlo will not let you use a previous password....     So it is annoying that if I use tech support and give them access by changing password to one they ask.    Once we are done I cannot change it back to my old one.   This feature should be removed as if I have to change my passwords every time I use tech support I will probably stop giving them access.       

13 REPLIES 13
jguerdat
Guru Guru
Guru

It's been a while since I did this but I had no trouble reusing my old password. Are you seeing an error message?

Nighthawk117
Star
Star

It is with the new update.    I change it to Arlo123 then try to change it back now it says cannot use old password.    So it seems that when I call into tech support next time Arlo123 won't work either.    The tech support said I have to post it here because they can't clear my password history when we are done with tech support.     I had no problems the last 4 times just this 5th time.

F-r-i-t-z
Aspirant
Aspirant

Had the same problem yesterday. I could not reuse my password after Arlo tech support.

Nighthawk117
Star
Star

netgear this is not accepted as a solution it is a question 

Nighthawk117
Star
Star

Can we get a fix for the password issue?

JamesC
Community Manager
Community Manager

This is a security related change, not a bug, old passwords can no longer be used.

 

JamesC

pc2k17
Hero
Hero

Never give your password out to anyone, not even arlo tech support. I'm an engineer working for an international company with over 30,000 users. In over 13 years I have NEVER had to get someones password from them. A tech support person, even a level one person, should have tools and other means to solve issues that don't require you giving them your password.

 

Also, my company also implements non-reuse of passwords that have been already used in the last 18 months. This is done for security reasons and is standard practice in the IT inductry in corporate environments.

Nighthawk117
Star
Star

I did not give them my password.  If you read what I wrote I changed it to Arlo123 for them to access my account temporarily and had to change it after they were done.

pc2k17
Hero
Hero

I read what you wrote..... You changed it to Arlo123, which now becomes your current password, and then you gave them that password. I guess I should have been more clear....... do not give any support agent any password that allows them to sign into your account, whether it be a temporary password or a permanent one.

 

I think you missed the point or I wasn't clear enough and I apologize for that. You allowed them to sign into your account and there is no reason at all why an Arlo level one call center tech support agent would need to sign into your account. How do you know they didn't download all your library videos and are using them for who knows what now. If they need to check some settings or change some settings in your app (or web interface), they should have you sign into your account and walk you thru the steps to check or change. If there was anything else they need to check, like how many cameras you have, are they online, is your base online and talking to their cloud servers, etc, they have systems that allow them to do that without accessing your account directly. And the level 1 techs can't check those systems a level 2 or 3 tech can.

 

Think of it this way.... have you ever called you bank or credit card company or your ISP for support, and have they ever asked you for a password to sign into your account? My guess is the answer is no. In fact most companies always tell you our agents will never ask for your user name or password and if someone does never give it to them.

 

I don't know why they said they needed to sign into (access) your account, but they should have been able to do any troubleshooting without having direct access to your personal account.

Nighthawk117
Star
Star

Yes i let them sign into my account like you said they can alway get in the back end.   I delete my videos i left the ones i wanted them to see the setup.   Simply because i was sick of answering the no brain questions on how to fix the system.    They can look at my library all they want be a big mistake thinking that was the only line of defense.   It is not my bank account or anything like that.   And reguardless if someone really wants to get in you think that the arlo password is going to stop them?

pc2k17
Hero
Hero

They can't directly access your account from the "back end", they can only administer it. No Arlo level one tech at some call center in who knows what country should have direct access to your account. They should, and I assume do, have access to administer or perform admin functions on the account. Direct access and access to administer your account are two different things.

 

I understand not wanting to continually talk to the level one and get the scripted questions. Next time demand to go directly to level 2 or 3. I assume Arlo/Netgear has this in place, but I don't kmow because I never call tech support.

 

Your password, if done correctly, should keep anyone out especially from a brute force attack, which is the most common way of hacking any account. Second most popular is using your social media to figure out possible passwords and just start trying them. But, if you use a proper password consisting of random upper and lower case letters, numbers, and special characters, have that password be 20 characters minimum,  and have that password be equal to 128bit encrytption then a brute force or social media guessing attack is never going to work. It would take thousands of years to crack such a password. If your password is this secure then the only way any hacker is getting in is to hack the Arlo server themselves (or if you fall for a phishing attack). Also make sure to never use the password for multiple accounts. I have about 100 passwords all with this level of complexity. So yes, if done right, a complex password is going to protect you against most any attack attempt.

Nighthawk117
Star
Star

This was such a waste of your time and mine, your giving advice on something you never done.

pc2k17
Hero
Hero

I gave you advice on keeping yourself safe and secure on the internet. If you feel that was a waste of time, well to each his own. I'm trying to help you because it's people who don't know how to properly secure their accounts online that will get hacked and/or have their identity stolen. I've been working in IT a long, long time and have been a computer/desktop engineer for 13 years. I have a very high level of education in computer science and over 25 years of experience. If you choose not to take free advice from an expert, then that's your choice, and I wish you good luck in your future internet travels.

 

BTW - I don't call support because as I mentioned, I'm an engineer and level 3 & level 4 support is part of what I do everyday. I don't need anyone to help me or fix anything for me because I just fix it myself.

 

Good luck and have a nice day.