ChrisKay
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES
MichaelUrs
Star

@Tranceblast wrote:
This is what Arlo's email says:

"By the end of the year, Arlo will require all users to enable two-step verification. We strongly encourage you to enable this feature now for added security."

Sounds like Arlo makes users use two-step verification.

That is the reason why we all urgently try to tell Arlo in this thread that MANDATORY 2FA is NOT a good idea as many use cases will no longer work and users will go away from Arlo ...

Tranceblast
Star
Regarding the Arlo chat today:

Hi, I got an email that you will activate 2FA by the end of the year. I really hope that Arlo reconsiders 2FA… If not, I will get rid of all my cameras… Really bad idea to not let users decide for themselves…
Is it possible for you to reconsider?

Arlo: 10:27 AM
Thank you for raising that question. The 2FA or most likely called "Two-steps verification", it is actually depending on your decision whether to activate it or not.
The massive email pertaining to 2FA was just a heads-up that we have 2FA feature for reassuring.
Arlo Support

10:30 AM
In the email I received, it says that two-step activation will be turned on automatically by the end of the year

Arlo: 10:32 AM
Yes but you can actually disable that if you don’t want to use that kind of feature.

11:41 AM
Okay, so you aren't going to require it? It's a big difference between having a choice and requiring it.

11:43 AM
No, it isn't.

11:43 AM
So I will still have a choice even if you require it?

11:45 AM
Yes, you do have a choice. The customers always have a choice to make. Don't worry.
Arlo Support
MichaelUrs
Star

@Tranceblast wrote:
Regarding the Arlo chat today:

Hi, I got an email that you will activate 2FA by the end of the year. I really hope that Arlo reconsiders 2FA… If not, I will get rid of all my cameras… Really bad idea to not let users decide for themselves…
Is it possible for you to reconsider?

Arlo: 10:27 AM
Thank you for raising that question. The 2FA or most likely called "Two-steps verification", it is actually depending on your decision whether to activate it or not.
The massive email pertaining to 2FA was just a heads-up that we have 2FA feature for reassuring.
Arlo Support

10:30 AM
In the email I received, it says that two-step activation will be turned on automatically by the end of the year

Arlo: 10:32 AM
Yes but you can actually disable that if you don’t want to use that kind of feature.

11:41 AM
Okay, so you aren't going to require it? It's a big difference between having a choice and requiring it.

11:43 AM
No, it isn't.

11:43 AM
So I will still have a choice even if you require it?

11:45 AM
Yes, you do have a choice. The customers always have a choice to make. Don't worry.
Arlo Support

Thanks! That does sound better than we thought before. Hopefully they will really mean it that way so that we CAN use 2FA for an account but we will not NEED it ...

storgeman
Apprentice

We must have gotten somebody's attention concerning 2FA.

samercer
Initiate

I use the web API to download videos before they expire. Requiring 2FA will break that functionality. If an API key can be supplied, that will help alleviate the challenges of 2FA.

friuliveneto
Initiate

Looks like it to me.  I just couldn't see myself continuing to use the system if it took that much trouble logging in. If they're concerned about security, they should separate the function of viewing cameras and making changes to the system. Changes should require 2SAuthentication; but not looking at what just sent me an alert.

JessicaP
Arlo Employee Retired

As part of our efforts to continually evolve and further strengthen our privacy and security practices, Arlo announced it will now require all users to use two-factor authentication when logging into their Arlo account. The new security mandate will go into effect for new users in Q2 of 2020, and will require existing Arlo users to enable the feature on their current Arlo accounts by end of year. While Arlo has strongly encouraged its users to enable two-factor authentication since its introduction, Arlo believes requiring this added layer of security is yet another measure we can take to help our users safeguard their accounts and their data.

Arlo Team

DominoUK
Star

So you are going to require it? This is ridiculous! Have you read any of our concerns? Will you be improving it so we don't have to re-authenticate every single time on the same browser with the web app?

I can't see myself using your products any longer if you force the current 2FA implementation on us.

MichaelUrs
Star

Jessica, that is really bad news. I support using 2FA in general, however everywhere it is something you can enable as a user and it is your own choice, if you want to enable it or not.

And even if there is a mandatory 2FA, other websites do have the possibility to use application passwords where a 2FA does not fit.

So I really want to know why Arlo does implement that differently from the rest of the world. Don't you trust the security of your own website? Or is there another reason?

So far I will not buy additional Arlo equipment (I currently own 3 Arlo pro and three lights), as long it is unclear if I can use it the way I am currently using it.

So I really ask again to rethink that decision and either leave it up to the user if 2FA is enabled or introduce some kind of application passwords for authentication.

Thank you!

Tranceblast
Star
So your chat lied to me right in the face??

Regarding the Arlo chat today:

Hi, I got an email that you will activate 2FA by the end of the year. I really hope that Arlo reconsiders 2FA… If not, I will get rid of all my cameras… Really bad idea to not let users decide for themselves…
Is it possible for you to reconsider?

Arlo: 10:27 AM
Thank you for raising that question. The 2FA or most likely called "Two-steps verification", it is actually depending on your decision whether to activate it or not.
The massive email pertaining to 2FA was just a heads-up that we have 2FA feature for reassuring.
Arlo Support

10:30 AM
In the email I received, it says that two-step activation will be turned on automatically by the end of the year

Arlo: 10:32 AM
Yes but you can actually disable that if you don’t want to use that kind of feature.

11:41 AM
Okay, so you aren't going to require it? It's a big difference between having a choice and requiring it.

11:43 AM
No, it isn't.

11:43 AM
So I will still have a choice even if you require it?

11:45 AM
Yes, you do have a choice. The customers always have a choice to make. Don't worry.
ArthurP
Star

So two days ago my scripts that use the Arlo camera API broke and there is no fix.  I got no notification that third party apps would be banned from the platform.  Now during a time of lockdowns I am scrambling to find another security situation to replace Arlo for my second home.  This was a very bad decision.

CuTeBoi
Star

My concern is 3rd party apps have no way to use this system reliably. Most other APIs or web based setups like this use an API key of sorts to bypass authentication. Having these changes occur during a global lockdown is insane, we can't replace our cameras easily. The safety and security of our homes rely on all these interconnected systems, and deploying 2FA without a functional way for an API to connect reliably when there is no network access, or possibly no email access is not very safe for us in these times.

I've already lost access to my API due to these changes, you don't offer downloads of our CVR footage through the web app, and worst of all, navigating the timeline is tedious, even if I have a 1gbps network line to most AWS instances, but the instances for our videos are throttled. Downloading makes our time shifting easy and effortless, while the web version is just a flash app that performs poorly.

trajan2
Initiate

I can't understand how to make this mandatory. 2FA works terribly as of now and delays the process significantly. This was and should be the user's choice!

george852
Initiate

Just wanted to order 2 sets of Arlo Pro2 with 4 cameras each.

Thank God I read that you want to close/drop/2FA the old API before ordering.

Cancelled!

Need API as before, or Arlo is useless.

HogRyder
Guide

As I don't have a texting plan on my phone, I will have to pay for every text for 2-step verification.  This will make my ARLO practically useless to me!  Plus, if someone knocks at my door, I will have to go through all that to see them in real time!  If you insist on 2-step, you should create alternate methods of verification!

I spent a lot of money on your product and I think you should consider other users besides smart phone junkies!

HogRyder
Guide

I chatted with an ARLO rep.  The rep told me that 2SV would be MANDATORY at the end of the year!  What say you?

meleu
Tutor

I can understand the benefit of 2FA, but please don't make it mandatory, it is such a bad idea.

I like the idea of having the ability of 2FA as an option, not as a forced choice!

ag100
Star

Arlo,

I understand the need to secure accounts, but please investigate ways to do so without alienating the portion of your user-base who uses APIs and other things to interact with our cameras.  It's bad enough that requested features like time-lapse and others haven't been implemented over the years, but to take away functionality from folks who worked to develop it is unnecessary and will only serve to push folks away from your platform.  Thank you.

the-gooch
Initiate

Please leave us the option, this will not solve whatever security issues you are trying to cover up.

stgarrity
Initiate

I agree with this -- please don't make this mandatory. I don't have access to my phone / email at work and won't be able to log in or use Arlo anymore. Supporting this is a great idea, but there should be a choice for users.

davemint
Initiate

I would also like the option to disable it so I can keep my CCTV setup running (API is broken). You could get everyone to enable it then have a disable option for power users.

raowriter
Tutor

Agree it’s a bad idea. Will slow things down too much.

Wallauer
Initiate

2FA is always a good idea and I'm a big fan of that, but if this will be mandatory and not optional (for power users and devs) without any possibility to use an API I'll cancel my subscriptions and replace my 8 Arlos with Eufy's.

Please think again about your solution.

P.S.: When will HTML5 replace Flash on your web viewer?

Datamarc
Initiate
When I receive the two factor code via text and go back to the Arlo screen to input the code, Arlo starts all over again and then the code is useless. Anyone know if this is a phone issue or Arlo issue? Makes two factor worthless. Help!
glcjr
Star

So basically this is a big f--- you to everyone that doesn't want to be bothered with this at every single log in. I'm so glad I bought this crap.

I enabled this horror of an implementation back when you encouraged everyone to turn it on and lasted two days before I turned it off because it's so idiotic to make someone do it EVERY SINGLE TIME they log in from the SAME DEVICE.

Since you're desecrating the system you should offer a refund to EVERYONE.