Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
Chris67
Luminary
Luminary

A reply to a topic you are following has been accepted as a solution!

Topic:

Mandatory Two-Step Authentication (Verification) a Bad Idea

Author:

ChrisKay (Follower)

Date:

2020-03-07 10:51 PM

 

I do not accept this as a solution. IT IS THE WHOLE PROBLEM

If you wish to shut down a topic for discussion please do not use trumped up solutions.

462 REPLIES 462
AikaneKai
Apprentice
Apprentice

>Arlo DOES NOT CARE about its customers. 

I 100%  agree.

 

>They also lied about sessions timing out requiring you to login. 

I haven't seen them lie about it, but they do try to hide the fact that they've completely ruined it. 

 

2 years ago, the browser authentication lasted for 12 hours and was managed by cookies.  I could refresh my browser windows, I could even completely close them and reboot my computer and still be authenticated when I came back to the Arlo screen within that 12-hour window. 

 

Now they've changed it so you can't refresh your window or you're logged out.  You can't close and come back or you're logged out and unless you interact with the page at least every 29 minutes, you're logged out.  WORTHLESS.

 

I had a post up here about it, but the mods removed it.

 

 

Chris67
Luminary
Luminary

Arlo’s 2FA is an absolute shambles. My browser only got 2 days of “trusted browser recognition” before I was asked to authenticate again. I authenticate by push notification but did not receive any push notifications despite trying 3 times. I then restarted my phone (Galaxy Note 9) and tried again. This time I received a push notification and was able to authenticate and click “Trust Browser”. I have no idea why this happened as I had not changed any settings in my phone. Don’t know if it was a change that Arlo made or some change that occurred with my phone. Regardless, it just shows the fragility of the 2FA implementation and the frustration it causes.

valglad
Guide
Guide

I agree. In the beginning, I did notice it was taking less than two weeks to "re-trust" the browser but I was like "whatever".

 

Then, gradually,  the time between these "authentications" was getting shorter and shorter. It currently stands at around 3 days for me on one of my computers and a little longer on the other. 

 

This morning I was sitting by the window at my computer and noticed something outside, wanted to check the camera and bam!!! -- "Please authenticate your browser" (or whatever else the message was saying) even though I did that 3 days ago. It's going to be real fun when a true emergency would present itself.

 

Again, I am not sure why Arlo is making it difficult for their customers to use their products. This defies any logic.

 

birddog323
Tutor
Tutor

Seems Arlo is opening themselves up to lawsuits.  I too had an urgent situation and wanted to check on well-being of household.  In my frantic state blew the 2FA and had to go reset.  That is another troublesome process.  Ended up calling police for welfare check.  Short story....  they suggested I get some cameras.  Yeah Right!

EOSJOE
Apprentice
Apprentice

For those experiencing 2FA re-authentications sooner than 2-weeks, one thing I've noticed (with Chrome on the PC anyway) is that anytime Chrome does an update I have to re-authenticate on the next login regardless of when the last authentication was.

AikaneKai
Apprentice
Apprentice

I am getting really annoyed by this having to reauthenticate my browser garbage.  There is absolutely no reason for this design.

arseasttle
Apprentice
Apprentice

Unless I keep my phone with me at every moment of every day, this authentication system is pretty useless and, as others have expressed, exasperating. I don't stay "authorized" for 2 weeks . . .it's actually pretty random when I have to re-sign in. We had an alert on our backyard camera and, since my phone was not by my side, I missed the code twice. By the time I finally signed in to see what was going on, there was nothing going on anymore. (Having a "talk through the camera" feature is pretty useless too if, by the time you access the camera, the person is long gone.)

 

This is a ridiculous, poorly implemented, system and we need an opt-out. (Make us sign some sort of "I understand the risks" thing if it's a legal issue.) That said, after hundreds and hundreds of messages on this thread, it's obvious that Arlo could not be less interested in what the customers think. No changes . . no options . . . no replies . . nothing. 

 

The ONLY way anything's going to change is if people stop buying Arlo products. To that end, I encourage EVERYONE who's disappointed to write about this issue on every sales platform available. Write your reviews, warn people, and if sales really start to plummet perhaps Arlo will fix this issue once and for all.  As I've said before, there's only one absolute necessity for a security camera system; instant access to alerts and warnings. Having to wait a minute or two just to see what's going on completely defeats the purpose of having this system.  

IshmaelB
Apprentice
Apprentice

432 comments in the thread so far, and SILENCE from Arlo.   They DO NOT CARE.   The CEO is only interested in milking the Arlo name and selling new product.  Not supporting existing customers.  We are old news and not interesting.   So, spread the word FAR AND WIDE.  Tell everyone NOT to buy ANYTHING from them or they will regret it.  Post on places like BestBuy.com.  As many as possible.  Often.  Repeatedly.  And don't mince words.

Arlo support is a joke.  They ask the same things over and over. 

And they lie, e.g. they DO NOT keep 7 days of video in the "free" plan which we paid for when we bought these things.  

At 8PM Eastern a whole day is deleted and only 6 days remain.  Must be Common Core Math they use.   They are also cowards, otherwise they would be on this thread like white on rice.   Crickets.  

 

arlo-user123
Apprentice
Apprentice

Is it possible that 2FA has been removed? Check your account and report back please.

bravodelta29
Guide
Guide

Nope.  It's still there.

emorrisette
Initiate
Initiate

Such a terrible feature.   Let me turn this requirement off.  

jguerdat
Guru Guru
Guru

Your bank should do this, too.

 

It appears you're using the web client. While I agree that the current 2 week trust is too short once trusted it should work without the need for a phone. What is the issue you're having that requires the phone every time?

bellaplace518
Aspirant
Aspirant

NO use for this step on home cams. If you need to check cams fast, you're out of luck. phone in another get up look out side. Not home out of luck. This turned  arlo into a junk system! will bye no more arlo cams!!!!!!!!!!!!!!! 

dcfox1
Master
Master

@bellaplace518 wrote:

NO use for this step on home cams. If you need to check cams fast, you're out of luck. phone in another get up look out side. Not home out of luck. This turned  arlo into a junk system! will bye no more arlo cams!!!!!!!!!!!!!!! 


You don't need to go through it every time. For the phone it is a one time set up, for the PC is every 2 weeks but for me sometimes it's a week or so.  Follow these steps for making your Phone and PC a trusted device. 

What is two-step verification and how do I set it up? (arlo.com)

Joobles
Aspirant
Aspirant

That is not the case. My PC requires me to authenticate using the mobile app roughly every twenty minutes. This 2FA is useless. If I need to access the cameras from my PC and my wife (who's at work) cannot or does not respond to the notification that I want to do so, then I'm locked out of my own system! I've only just bought this Arlo kit but I will be returning it for a refund under the UK's Consumer Rights Act 2015 on the grounds that it is not fit for purpose. If I cannot access it immediately and at will it is a pile of expensive and pointless junk.

StephenB
Guru Guru
Guru

@Joobles wrote:

That is not the case. My PC requires me to authenticate using the mobile app roughly every twenty minutes.

That is quite unusual.  I've certainly had issues with the trust expiring before 14 days, but nothing like that. You are choosing "trust" on the PC browser?  Is there something unusual with the PC network connection (switching frequently to another network or a VPN)?

 

You seem to be sharing the same account with your wife.  One thing you could try is setting up a friend account for yourself, and use that on the PC.  Authentication for the friend account would then go to your own mobile device (or be set up to go to your email).  https://kb.arlo.com/000039122/How-do-I-add-friends-to-my-Arlo-account

Joobles
Aspirant
Aspirant

There is no network switching going on at all and I select "trust this browser" every time it appears.
I was speaking with support this morning for about an hour to solve this and three other issues I have. They suggested the "grant access" option but it wouldn't work. The "Send Invite" button was greyed out on both browsers of my PC, one browser on my wife's PC and my wife's mobile phone. They couldn't explain why.  I have also found the push notifictions to be inconsistent and late in arriving which is worse than useless if I want to monitor what it going on around my property in real time.

This system is unworkable so I'll be expecting a refund on it.

StephenB
Guru Guru
Guru

@Joobles wrote:

There is no network switching going on at all and I select "trust this browser" every time it appears.


What browser are you using?

Do you have internet security software running on the PC (Kaspersky, Norton, Avast, ...)?

ruvim
Aspirant
Aspirant
I am so annoyed of two factor login. I should have the option of whether or not it’s enabled. I want to turn it off, even if it’s not as safe.
Charles2022
Aspirant
Aspirant

I agree, this should be the users choice not forced. This is a camera system not really total home security. 

dcfox1
Master
Master

I agree it should be an option, but it all started several years ago with a Ring cam Hack. Some occasions someone was actually talking to a child. So, most brands have it now. 

rdoritty
Aspirant
Aspirant

Suspect this will be deleted.  I would have never purchased these cameras if I knew before hand that I would be forced to use two factor authentication.  I will be changing to something else in the next year.  Your forced authentication requirement is forcing me to find another vendor.  Well done! 

reed_bob_1365
Aspirant
Aspirant

It's not VPN, it's incompetence.

JimmyD_
Initiate
Initiate

As a Firefox user who has his browser set-up to clear cookies & history at every shutdown, the "Trust Browser" is useless.
I am updating our camera system and it will not be an ARLO - even though I love this system - the stupid two factor authorization is a waste of time. WHAT DO I CARE IF SOMEONE HACKS IN AND VIEWS MY CAMERAS? They're not in my bedroom or bathroom, and I'm not running around my yard naked. I don't need extra double security to prevent someone from viewing this...

 

this.jpg

 

 

4chows
Aspirant
Aspirant

I do NOT see a DISABLE function on my phone. WHY??

I DO NOT WANT the stupid 2-step verification. Can someone tell me how to disable this?