Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

Reply
Chris67
Luminary
Luminary

A reply to a topic you are following has been accepted as a solution!

Topic:

Mandatory Two-Step Authentication (Verification) a Bad Idea

Author:

ChrisKay (Follower)

Date:

2020-03-07 10:51 PM

 

I do not accept this as a solution. IT IS THE WHOLE PROBLEM

If you wish to shut down a topic for discussion please do not use trumped up solutions.

462 REPLIES 462
joe1821
Apprentice
Apprentice

The problem for me is that I only check my cameras about once every 2 weeks anyway, OR when I suspect something so basically I have to do the STUPID 2FA every time I log on.  It just pisses me off and now I wish I had NEVER even bought it.

dave4u69
Star
Star

so is mine probably because i turn pc off at night so every 2 weeks is not an option its daily

StephenB
Guru Guru
Guru

@aa1113 wrote:
Mine is asking everyday

Did you select "trust" in the browser? 

 

My own system is also requiring me to re-do 2FA more frequently than every 2 weeks, but not every day.  I have escalated this with Arlo, and I believe that have they have reproduced it.  In my case it doesn't seem to be linked to restarting the PC - I think it's linked to changing networks.

 

 

speedycamera
Star
Star

I totally agree with you  

d0lphin
Apprentice
Apprentice

Yes. So far, I can access cameras thru my phone or tablet, but I have to ask permission whenever I want to see it on my laptop. And two days is not the same as two weeks like they claim. I wish I had made the phone my authorized device rather than my tablet since my tablet isn't always turned on or close by. Don't know how to change that. And my wife has to find either me or the tablet when she wants to view cameras to get authorized. And 30 seconds is stupid. By the time I've found my tablet, turned it on and wait for it to load, I have to start all over with the laptop. What a joke!

tsoren
Initiate
Initiate

This is another half solution by Arlo.  Didn't you listen to the many users on this board complaining about your initial poor implementation of 2FA?  Satisfy your users by removing the 14 day limitation for support of trusted browser and devices or at least make it an option for the user to indicate the # of days with NEVER being an option.  

StephenB
Guru Guru
Guru

@d0lphin wrote:

 I wish I had made the phone my authorized device rather than my tablet 


Go into the account profile -> Login Settings, and select two-step verification.  If you then select edit, you'll be able to change the primary device.

d0lphin
Apprentice
Apprentice

Thanks - I'll try that.

dcfox1
Master
Master

@StephenB wrote:

@aa1113 wrote:
Mine is asking everyday

Did you select "trust" in the browser? 

 

My own system is also requiring me to re-do 2FA more frequently than every 2 weeks, but not every day.  I have escalated this with Arlo, and I believe that have they have reproduced it.  In my case it doesn't seem to be linked to restarting the PC - I think it's linked to changing networks.

 

 


Good point. I have not had to do 2FA again on my Tablet so far but I am on the same network all the time. 

StephenB
Guru Guru
Guru

@Kaskillah wrote:

It does not matter what device I use to log in whether it's my iPhone, my Macbook or my PC at work. I forced to complete the 2F authorization every single time I log in. 


Are you pressing the "Trust" button in the browser after the login is approved?

 

The iPhone can be listed as a trusted device, so you shouldn't need to go through 2FA on that one.

speedycamera
Star
Star

Does anybody want to buy a 4 camera system that has rechargeable batteries   ?  " Don't want Arlo anymore 2 step doesn't work for me I need instant access "  by the time you go through all the BS.  your stuff is stolen Arlo is no good and would not recommend Arlo to anybody ,If you buy it your a fool.

speedycamera
Star
Star

I talked to support they have a one-track mind they wanted to authorize my computer so I can get on faster I'm not letting anybody in or authorize the use of my computer these people think they cant get hacked by someone Nasa, FBI. , CIA, Microsoft all have been hacked and Arlo thinks they are foolproof and can't get hacked got news for them they are not. If i gave them permission for my computer and they got hacked they would have all my info, ( NOT GONNA HAPPEN AROLO )

StephenB
Guru Guru
Guru

@speedycamera wrote:

I talked to support they have a one-track mind they wanted to authorize my computer so I can get on faster 


I think you misunderstood what they wanted you do to.

 

After you go through 2FA, there is a "Trust" control in the browser.  If you click on that, then you shouldn't have to go through 2FA again for another two weeks. 

 

This is similar to just turning off 2FA for two weeks.  If you were ok w/o 2FA, you should be ok with this.  It doesn't give Arlo (or anyone else) access to your PC.

d0lphin
Apprentice
Apprentice

Well, I tried that but when my wife tried to access on her laptop, there was no push notification to my phone to get her on. Had to reset to my tablet which means running all over the house trying to find it, turn it on, let it boot up, change setting back to tablet, and have her try again. You know how much time that takes? The 2s needs to be an option as it is worthless to me.

dcfox1
Master
Master

@dcfox1 wrote:

@StephenB wrote:

@aa1113 wrote:
Mine is asking everyday

Did you select "trust" in the browser? 

 

My own system is also requiring me to re-do 2FA more frequently than every 2 weeks, but not every day.  I have escalated this with Arlo, and I believe that have they have reproduced it.  In my case it doesn't seem to be linked to restarting the PC - I think it's linked to changing networks.

 

 


Good point. I have not had to do 2FA again on my Tablet so far but I am on the same network all the time. 


I spoke to soon I had to do it today. Guess I jinxed myself. 

dcfox1
Master
Master

@Kaskillah  You never said if you hit the "trust this device" in the bowser after login after approving the device login  in a Push notification on your phone that someone asked earlier. 

arseasttle
Apprentice
Apprentice

[Tried to start a new discussion but got caught up in the "label not allowed" loop]

All right, in addition to STILL believing that 2-step verification is a terrible idea and should be optional -- and we've been given NO reason why it can't be optional -- I have another question that, I'm sure, Arlo won't answer.

 

Why can't I be signed in to my account on two or three verified phones/computers/etc. at the same time?
An alert goes off on the back door. I see the alert on my phone, press to see the camera, but I had signed into my verified computer a couple of hours earlier and now have to go through the whole log-in thing again. While Arlo might think that 30 seconds here and there doesn't matter, it's long enough for someone to kick open our door and grab stuff.

Meanwhile, my wife's upstairs and sees the alert on the camera too and takes a look at the computer screen but, alas, she's now either been logged out OR she now bounces ME off the system.

 

So, you're insisting on the two-step verification, against the wishes of the vast majority of your users AND contrary to one of the primary selling points of your product, but even after verifying my computer, my ipad, and my iphone, I can only be on one at a time? What's the point of that? I mean, THEY'VE BEEN VERIFIED, right? Once it's verified, even if it's for the two week period -- which is incredibly arbitrary, it seems -- why can't all verified products remain signed in.

 

Maybe I'm missing something . . wouldn't be the first time. But the WHOLE POINT of a security system is access and speed of notification. Why do anything to the system that would slow this down?

Daisymel
Tutor
Tutor

I couldn't agree more.  Well said.  If someone is trying to bust down my door or just even banging on it aggressively, I need immediate access to the camera feed.  It shouldn't matter what device I'm closest to, laptop, tablet or phone.  All should respond immediately.  I am certainly not an IT person or security expert, but I am failing to understand how this 2FA process actually helps the consumer.  Who is going to hack into my camera to see who is at my door?  Arlo, perhaps if you had notified us of this action and why you feel this is an enhancement to the product???

tsoren
Initiate
Initiate

Arlo stock IPO'd in August 2018 at about $22 per share, today about 3 years later it is only worth $6.24.  Not listening to customers like on this 2FA issue and it will just continue to head towards $0.  Wake up Arlo!  

EOSJOE
Apprentice
Apprentice

"I couldn't agree more.  Well said.  If someone is trying to bust down my door or just even banging on it aggressively, I need immediate access to the camera feed.  It shouldn't matter what device I'm closest to, laptop, tablet or phone.  All should respond immediately.  I am certainly not an IT person or security expert, but I am failing to understand how this 2FA process actually helps the consumer.  Who is going to hack into my camera to see who is at my door?  Arlo, perhaps if you had notified us of this action and why you feel this is an enhancement to the product???"

 

That's what was happening to me. I would be in the living room and the iPad would chime about a camera motion detection. When I would try to view the event it wanted to 2FA authenticate to my phone which was upstairs in the bedroom charging. Unlike some folks I don't have my phone surgically attached to my hand.

 

Even once you authenticate there's no telling when the next time is that it will challenge you. You can rest assured it will be when you need to quickly view an event.  😞

 

 

arseasttle
Apprentice
Apprentice

<<That's what was happening to me. I would be in the living room and the iPad would chime about a camera motion detection. When I would try to view the event it wanted to 2FA authenticate to my phone which was upstairs in the bedroom charging. Unlike some folks I don't have my phone surgically attached to my hand.>>

 

Yep. Plus, since phone verification is a "push" and not, let's say, a "message," you can ONLY authorize on that phone which, quite often, is more than 30 seconds away. (If it was a message, it would show up on my computer, my tablet, and my phone . . . at least I'd have a chance to see what's going on at the back door before going down to see what was going out the back door.)

StephenB
Guru Guru
Guru

@Kaskillah wrote:

@dcfox1  I have been "trusting" it each time and I still have to complete a 2F almost every single time. I


Thx for replying, that is helpful to know.

SmartShopper
Initiate
Initiate
Am very disappointed and annoyed with the 2FA requirement. Thanks for the tip. Its about time to upgrade anyway.
joe1821
Apprentice
Apprentice

 @speedycamera

 

"Does anybody want to buy a 4 camera system that has rechargeable batteries   ?  " Don't want Arlo anymore 2 step doesn't work for me I need instant access "  by the time you go through all the BS.  your stuff is stolen Arlo is no good and would not recommend Arlo to anybody ,If you buy it your a fool."

 

Not if it's ARLO.  Who wants that s*)t?  I'm getting rid of mine too.

 

joe1821
Apprentice
Apprentice

 @arseasttle

 

 "Maybe I'm missing something . . wouldn't be the first time. But the WHOLE POINT of a security system is access and speed of notification. Why do anything to the system that would slow this down?"

 

No,,, you're not missing anything; Arlo is just too AFRAID of litigation to entertain the notion of satisfying their customer base.  Again I'll say that the loss of customers that Arlo is going to have will affect their bottom line, and at that time they will realize the the bottom line is what keeps them alive.