@AikaneKai  Nope don't work for them.  But they did post a while ago you can turn it off if you missed it. 

@dcfox1 

>Nope don't work for them.

Maybe.  I'm not sure why else you'd be so sycophantic.

>But they did post a while ago you can turn it off if you missed it.

Yes.  Here, and only here.  They did not push that announcement out through their app, and you know they didn't.  They did not take any other steps to help the people whose systems they broke.

They forced it on in spite of knowing the problems it would cause.  Then, when everyone is dealing with the issues, they allow it to be turned off, but don't have the professionalism, or the courtesy or the intelligence to actually let the majority of their user-base know. 

If this forum was the best method of communication, they never would have pushed the 2FA announcement through the app.  They would have only needed to post it here.  Clearly they knew that a post here would not reach the majority of their user-base.

@AikaneKai , @dcfox1 :  I suggest discontinuing this debate - I don't think it will go anywhere useful.  

@StephenB 

Wow, thanks dad.

---

@AikaneKai wrote:

@StephenB 

 

Wow, thanks dad.

---

Never good to see the children keep fighting.  

It's also good to call out the facts of the case in spite of the fact that some people don't want to hear it.

Spot on AikaneKai. Totally amateurish implementation of 2FA. Total lack of communication. Total confusion. A monumental fail. 

---

@AikaneKai wrote:

It's also good to call out the facts of the case in spite of the fact that some people don't want to hear it.

---

FWIW, I agree that Arlo should have done a much better job of communicating their decision to allow 2FA to be turned off again.  It was well communicated here by JamesC (and I think posted once on facebook), but there were no emails, in-app notifications, etc.  And I think everyone would agree that they shouldn't have mandated 2FA in the first place until the browsers could be trusted.

But you both made your points in your early posts, and the back and forth wasn't going anywhere useful - just repeating the same stuff over and over.

Just tried it. Turned on 2FA.  I signed in and did the 2FA with my phone. It then asked if I wanted to make my browser trusted. I clicked yes. Even thought it gave a "something went wrong" message, it still worked.  I logged out and then logged back in without 2FA being required.  Much better. Thank you Arlo.

Arlo.... are you saying that the, "New" 2 step log-in is only able to be disabled for 14 DAYS starting on July 6th 2021??? If that is correct, then we are back to step one again!

If a trusted browser or device will allow bypassing the, "Two Step" login, but after 14 days it will no longer bypass the 2 step process, then we are right back to where we started in the first place and only have a two week period to allow a quick access to our cameras.  YOU must be kidding.  I honestly hope you don't actually mean this.  It will mean we haven't accomplished ANYTHING with our communications to you.

---

@joe1821 wrote:

Arlo.... are you saying that the, "New" 2 step log-in is only able to be disabled for 14 DAYS starting on July 6th 2021??? If that is correct, then we are back to step one again!

If a trusted browser or device will allow bypassing the, "Two Step" login, but after 14 days it will no longer bypass the 2 step process, then we are right back to where we started in the first place and only have a two week period to allow a quick access to our cameras.  

---

After 14 days you just need to enter a code again and it is trusted for another 14 days as with some banks. Better then not trusting at all as it was before doing it every log in.

Restarting this thread in "New Idea" because the previous one is locked and I don't really need "support" to help me through it. I just want Arlo to re-implement it properly.

@JessicaPThanks for the update on where you're at with 2FA but I think Arlo is still not listening.

> Many Arlo users expressed concerns with the original implementation of Two-Step Verification...

That is somewhat of an understatement.

> announce that trusted browser support will be included before resuming these requirements.

Yay!!!!!

> This will allow users to trust web browsers for 14 days...

Wait... what? Boooo!!!!

I've been a long time follower of this thread and I don't recall ANYONE suggesting this as a good idea. It's just wrong and won't fix most user's issues. Why not keep it optional? If you must impose a time limit, why not make it configurable? OR have a manageable list extra devices that have been given trust and be able to remove them using the primary device.

While I appreciate there can be a need for high security, it's not a bank and won't always require this level of security. If people want it or need it, the *option* should be there but not enforced.

I for one will not be satisfied with Arlo's solution. I don't always have my phone glued to me and my biggest concern is if that one and only trusted device is lost, stolen or broken and if I haven't enable my Home PC, work PC or laptop in the last two weeks, I'm all out of luck. I need to know I have a few devices I can rely on for access.

Please Arlo, listen to your users.

This has to the dumbest thing I ever heard only 14 days then you have to redo it again this is nothing but typical Arlo screw up that some mastermind came up with. Man I cant wait to get rid of this system as Arlo had a very nice system and it has gone downhill ever since like video quality as the pro2 HAD a nice clear video/picture in the beginning and ever since the pro3 and up to the Ultra2 came out Arlo dump the quality on the pro2 thinking people are dumb enough to upgrade to the higher end product. What do you think is going to happen the Ulra2 after it get age on it and they come out with a higher product then the Ultra2? There's will go downhill also.   

Every bank I deal with trusts my browser forever unless I clear my cookies, then you have to reauthenticate. My guess here is the 14 days is a technical limitation of their system, that Arlo isn't using a persistent type cookie, but maybe some kind of server side implementation, or combo of the two, which could mean a large database replicated through out all their data centers. In that case it might make sense to purge records of people who may only use the browser every few weeks or once a month. However, it becomes an inconvenience to people who use the browser every day.

Just my two cents, I know nothing about how arlo implemented this, I'm just an IT guy taking a guess at the rational behind the 14 day limit.

@ShayneS (Arlo Moderator) “As part of our ongoing initiative to bring peace of mind through implementing the latest in best security practices, we will be resuming mandatory Two-Step Verification requirements for all Arlo users starting July 6th, 2021”.

Why is it in Arlo’s company DNA to always be deceptive and misleading? This does not explain why 2FA has to be mandatory rather than optional. If it were optional customers could have “peace of mind” by turning on 2FA but if customers preferred convenience over “peace of mind” and a seamless security experience they could elect not to activate 2FA.

Why can’t Arlo be honest with its customers and call it as it is. Use words to the effect “For Arlo to more easily comply with worldwide regulatory requirements and to protect Arlo’s infrastructure and in order to reduce any likelihood of litigation, Arlo will be MANDATING Two-Step Verification”.
Arlo please do not continue to treat your valued customers as brain-dead morons.

Thank you for at least giving us 2 weeks of continuous trusted web browser usage.

https://www.arlo.com/en-us/privacy-pledge.html  Protection. We keep your data safely secure. “We support industry-leading methods and practices designed to protect your account, such as giving you the option to enable two-factor authentication and access approval for new devices to verify it’s really you”.

Arlo, why do we not now have the option to enable 2FA as stated in your Privacy Pledge?

---

@pc2k17 wrote:

Every bank I deal with trusts my browser forever unless I clear my cookies, then you have to reauthenticate.

FWIW, a timeout on 2FA isn't unusual.  My employer uses a one week timeout - more aggressive than what Arlo is doing.

Two weeks is far better than every single time, so personally I am ok with it.

Don't mind the 2 week login.... it's a pretty good time frame.

BUT, I still think it should be optional !

---

@TomMac wrote:

Don't mind the 2 week login.... it's a pretty good time frame.

 

BUT, I still think it should be optional !

---

Yeah, I'd prefer that it be optional too.

If this is their so called, "Solution" to the problem of this stupid 2 step verification, then ARLO did NOT accomplish anything at all with solving this frustrating problem.  We are right back at square one every 14 damn days.  I for one am in the market for a new security system and will pass on the information to my friends that ARLO is doing this.  There should simply be a, "DISCLAIMER" in the system to protect Arlo when a users CHOOSES to disable the 2 step feature.  Then everyone would be happy.  It seems that all of us complaining about this 2 step nonsense were going to be happy campers when Arlo said it would add PCs as trusted devices, but here we are back at square one.  ARLO,,, you are losing customers!!!