Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
Chris67
Luminary
Luminary

A reply to a topic you are following has been accepted as a solution!

Topic:

Mandatory Two-Step Authentication (Verification) a Bad Idea

Author:

ChrisKay (Follower)

Date:

2020-03-07 10:51 PM

 

I do not accept this as a solution. IT IS THE WHOLE PROBLEM

If you wish to shut down a topic for discussion please do not use trumped up solutions.

462 REPLIES 462
hennesbe
Star
Star

Maybe someone already answered your question.

I have always automatically be logged out on a previous devise when I log into the next none.  

I get a message displayed that I was logged out.

I'm using an iPhone SE and a Mac Air

Tbaby
Tutor
Tutor

Chris67,

I just clicked on new posts and saw the one you posted on the 5/1, then the one you posted 4/29.  I received my camera/doorbell on 4/14 and had not had any problems with 2FA. Mandatory or not I use it on all log ins.

 

StephenB
Guru Guru
Guru

@Tbaby wrote:

Chris67,

I just clicked on new posts and saw the one you posted on the 5/1, then the one you posted 4/29.  I received my camera/doorbell on 4/14 and had not had any problems with 2FA. Mandatory or not I use it on all log ins.

 


I don't think this is going anywhere useful.  Arlo has already decided to let people choose to hold off on 2FA until PCs can be trusted.  

 

Making a more compelling case that 2FA has to be optional even after PCs can be trusted might be useful. I'm not seeing a very strong case for that, and I suspect Arlo hasn't either.  Some folks have suggested a release form of some kind, but anything like that would require Arlo to set up a system to administer it. 

 

It seems to me that designating PC as trusted is a one-time setup task, which shouldn't be onerous.  

 

 

Tbaby
Tutor
Tutor

Superuser, I agree with you on that note. 

Jeannie_K
Tutor
Tutor

Then how do you go about shutting it off if you have already turned it on?  Please help me with this.  It is driving me crazy that I can't trust my PC and my phone is just too darn little to see the photos.

hennesbe
Star
Star

Go Settings

<Profile

<Log in Settings

<Two Step

turn it off

Jeannie_K
Tutor
Tutor

Got it!  THANKS!  What a relief.  I have been struggling with this ever since I turned it on and have tried several times to turn it off and they wouldn't allow it.  As soon as I'm able to trust a device, I don't mind having it on at all but the way it was now, it was such a chore to check the cameras that I wasn't even bothering.  I hope Arlo gets their "stuff" together because I would like to add to my station but not if this is going to be what's coming down the road.

 

Thanks again.

 

aa1113
Apprentice
Apprentice
On your PC go to settings, then your profile and it will be listed. Slide it to off
WathchingTheCam
Initiate
Initiate

Doing to 2 step several times a day wastes too much of my time.

 

Very aggrevating.

Jeannie_K
Tutor
Tutor
WatchingTheCam - read the posts above. I was able to turn off the two-step verification. What a relief!
WathchingTheCam
Initiate
Initiate

Thanks!

Tbaby
Tutor
Tutor

I agree 2 step verification can be a pain and yes , you are automatically logged out of phone when logged into pc (vice versa).  As long as you still have your browser opened on your pc and running live (about 1hr) until you log into your phone. Try sliding Arlo page (tab) and resize on pc (screenshot). This way you can monitor all activity while using other browser(s) for work.  Hope this helps until they come up with a fix.

 


Screenshot 2021-05-11 072553.jpg
MDWORK
Guide
Guide

Please make the two step optional... I absolutely hate it. Those of us who already owned the system should be grandfathered into to the way it used to run and it should still be optional. I can't access my cameras from work because I do not have a cell phone on my person to verify or access to personal email. Or can make it so that you can answer security question to grant two step verification for those of us who do not have access to cellular phones or person emails while at work. Come on work with us!  

dcfox1
Master
Master

@MDWORK   If you read previous post here it is now optional until they make a PC a trusted device. 

MDWORK
Guide
Guide

Thank you, I did not see that they allowed you to disable the two step. What A Blessing!!! Hopefully they keep it optional. Thanks Again for the information 😉

MDWORK
Guide
Guide

Thank you, I needed the information too! 😉

ChrisDekker
Guide
Guide

The mandatory 2 step is yet another hasty patchwork for the security flaws and vulnerabilities that Arlo/Netgear is hiding about while they continue to sell thousands upon thousands of new units.

 

Keep notes, screenshots and document everything.

 

This is not a $500 toy.  Most of us buy it for somewhat decent security.  A consumer model like this hardly provided foolproof security, but when you pay $500 , most of us expect at least some sort of protection.

 

This is just Arlo creating halfass patches to hide their true security vulnerability.

 

 

Keep notes, screenshots and document everything.   I am not a lawyer, and I am not sure if there are any legal ramifications to Netgear/Arlo, but enough people need to start thoroughly documenting everything.

dcfox1
Master
Master

@ChrisDekker  Why not just turn 2FA off. 

ChrisDekker
Guide
Guide

I had turned it off after fining it worthless.

 

Turned it back on and tried it again  today on the suggestion of another "luminary", and sadly it is still the worthless workaround that Arlo suggests to distract its users from the real issues. 

hennesbe
Star
Star

it's time to bury this whole conversation.

pc2k17
Hero
Hero
Hmmm. Stifling free speech simply because you grow tired of the topic and don't like what's being said doesn't seem like a sensible thing to do.
If people want to keep talking about arlos monumental mess up, I say go for it. Complain, debate, and help as much or as little as you want.
hennesbe
Star
Star

I think Arlo got the message.  

ChrisDekker
Guide
Guide

Of course bury it.  Bury anything that does not shower praises.

 

It would be naiive to NOT  assume that there is a very good possibility that at least some of the "superusers" here are in fact Arlo folks.  You never know who is who on the web  these days, and this site is owned by Arlo.  

 

How convenient, let us bury any uncomfortable topics.,

hennesbe
Star
Star

havent we ******* enough 

I think they get it,

dcfox1
Master
Master

@hennesbe wrote:

havent we bit*hed enough 

I think they get it,


Agree, Not sure what is such a big deal to just turn it off for now. Arlo said they are working on making a PC a trusted device.