Re: Mandatory Two-Step Authentication (Verification) a Bad Idea
I created a 2-step verification but cannot "remove phone number/device" from my.arlo.com as the article suggests. I need to turn off 2-step verification just to be able to login to view my cameras and activate/deactivate them. If 2-step is mandatory after Sept. 2020 i could live with email code but now the phone dings every time I want to login unless I disable the process! W.T.F?
This has to be the worst implementation of 2FA I've ever seen (retired IT Admin, S&P500 corporate). First of all, every time?? Secondly, I'm not atypical in that both my spouse and I use such from different locations on different devices at different times. I spent the Spring sequestered in Japan (Covid) as she was stateside. I see no way your current plans for 2FA would have been anything other than another nightmare in such a similar scenario. Adding another cumbersome implementation to using your product in such a diverse atmosphere is just absurd. Before you force this upon us in five weeks, please revisit the issue and institute a workable 2FA.
Ditto. 2FA should be optional like it had. I was going to try it before 9/30/2020 deadline that I got via e-mail, but it wanted a mobile phone number. https://kb.arlo.com/000062288/What-is-two-step-verification-and-how-do-I-set-it-up says I can do push notifications and e-mails instead. Where are those options? I don't see it in my my.arlo.com web site account when enabling 2FA. 😞
Thank you for reading and hopefully answering soon.
This is what arlos email says:
"By the end of the year, Arlo will require all users to enable two-step verification. We strongly encourage you to enable this feature now for added security."
Sounds like arlo make users to use two-step verification.
Arlo changed its deadline date to to 9/30/2020 from its email@example.com's 5:06 AM PDT e-mail:
At Arlo, our goal is to keep your personal information private and secure—that's why we support industry standards for data protection, like two-step verification.
By September 30, 2020, Arlo will require all users to enable two-step verification: an added layer of account security to verify that it’s really you, even if someone knows your password. Once authenticated, Arlo will verify your identity any time you sign in with a new device, to prevent unauthorized users from accessing your information.
We strongly encourage you to enable this feature now to continue to access to your recordings, devices, and accounts.
Go to your Arlo settings > Profile > Login settings > Two-Step Verification and follow the prompts.
Once authenticated, Arlo will verify your identity anytime you sign in with a new device, to prevent unauthorized users from accessing your information.
To get started, click "Learn More" below.
-The Arlo Team..."
Its "Learn More" link redirects to https://kb.arlo.com/000062288/What-is-two-step-verification-and-how-do-I-set-it-up.
I wanted to enable it, but it wants my mobile phone # 2 SMS me? Um, I don't want that. It said I can do push notifications and e-mails. Where are those options? I don't see it in my my.arlo.com web site account when enabling 2FA.
I bit the bullet, and signed up for 2-factor.
So far, only had to put in a code once.
Looks like it is just when you use a new device.
So, only phone number for 2FA when enabling it though? It asks for a mobile # 2 SMS.
As previously mentioned I disagree with the approach Arlo is taking with 2 factor authentication. This should be opt-in or at the very minimum allow trusted devices.
The 2FA changes as they are will make the product/service behave significantly differently than it did when purchased and as a result it will no longer be fit for the purpose for which I purchased this.
Fortunately in New Zealand we have relatively strong consumer protection laws (I know Australia also has similar laws). Which provide a level of protection to consumers when purchasing products, this includes guarantees that products and services must be fit for the purpose for which they were purchased.
Exactly. I'm in Australia and will be contacting the ACCC if this goes ahead.
I have already sent a strongly worded email through to Arlo support about this proposed change.
The pitch is that 2-step verification will only be needed when one tries to logon from a new device. Well, I turned it on and now I have to go through the 2-step process each time I log on from my home PC - and that's without my VPN active. This makes logging on too time consuming, as I don't keep my cell phone on when I am at home. Definitely a bad idea as currently implemented.
So what steps can we as Arlo customers take? Can we institute a write-in or email campaign to Arlo stating our objection and that these changes will force us to dump the product and purchase something else?
Who should we contact? It seems obvious they don't read these forums.
After the Arlo Expert dropped me from the online chat, I requested via the Arlo case name that a manager contact me to discuss if an email option will be available for those Arlo customers, like me who do not use a cellphone/text messaging. From the comments per this forum regarding the lack of Arlo customer service I suspect that isn't going to happen.
I do like the suggestion from a New Zealand user who recommends checking the consumer protection laws. I will file a complaint with the Federal Trade Commission/Bureau of Consumer Protection https://www.ftc.gov/about-ftc/bureaus-offices/bureau-consumer-protection; the Better Business Bureau; AARP; Consumer Reports and my state senators and representatives if necessary. This new policy is discriminatory and an unnecessary cost for prior Arlo customers when a cellphone was not required when the product was purchased. It is a particular hardship for older customers, like me. I am 70 years old caring for a 76 year old partner.
I hope that Arlo addresses these concerns.
Well since I really don't "own" my arlo system, it seems that arlo and netgear do, as Now I am forced to use the two step verification where I really do not need it for two outside cameras. I can understand where someone would use a baby monitor or cameras inside their residence might need a two step security login, I'm going to sell what I have and get a different type.
1) There is NO way to opt out of this.
2) So what are they gonna do to complicate things if I want to view something from my phone, send me a text message to get a code to log in?
3) There used to be a function to notify via a text message if a camera activated, I turned it off after the first month because it was a nuisance, always triggering, once by a bird. Then when I wanted to turn it on to watch for a delivery in COVID-19 conditions, guess what, no longer available.
4) This two step verification will make it too complicated and bothersome.
Why, let me give you an example.
I have an account at Blue Cross / Blue Shield. I try to log into "My Blue" but I need a verification code, they send one to my email, I use the six digit code, they say we will remember your computer for four months, I log out, the same day I try to log in again, but no.... they must send me a new code and the same routine and if I try to log in again, the same...
Why, to help stop tracking my computer erases cookies and cache every time I leave Firefox.
5) It's bad enough that one can not contact anyone at "arlo" but if you have questions, see the forum. Jeepers, they do not support their own products, they rely on forum members to answer questions and sometimes they are wrong!
If I can't sell it on Ebay I will trash it as I got my five years use out of it or my money's worth.
Thanks for this information. In my app it looks like there is one additional step:
Login in --> Settings --> Profile --> Login Settings --> Two-step verification --> slide switch at top to disable.
Later today I will set up two-step and then see if I can disable it. Sure hope it works because this would basically render this thing useless for my family. We use Arlo to keep an eye on elderly parents. Me and my sibs log in to check them at different times of the day. There's no way to use two-step authentication across several different users since they all have different cellphone numbers.
... We use Arlo to keep an eye on elderly parents. Me and my sibs log in to check them at different times of the day....
This is exactly my scenario as well. If 2FA is implemented in any way, our use case will be nullified. This *needs* to be a user choice otherwise our Arlo devices will become landfill. (If anyone can recommend a good alternative [in our case needs to be wireless, able to be battery powered for short periods, viewable by multiple people, motion sensing], please post here...)
Also to folk who have mentioned that they've been able to 2FA their devices just once, I suggest it might be because you are not following other best-practice security protocols (such as clearing browser cookies and other tracking data after each session or blocking them from the start or you're not logging off your device when not in use, etc..) Ironically, those of us who already go the extra mile to secure our devices and systems might be most affected by this 2FA requirement forcing us to loosen our otherwise excellent device security just to accommodate Arlo.
I just filed a complaint with the Federal Trade Commission Bureau of Consumer Protection as well as the Better Business Bureau. Arlo Technologies has an F Rating with the Better Business Bureau...
To file a complaint with the Federal Trade Commission Bureau of Consumer Protection:
To file a complaint with the Better Business Bureau:
The Arlo Technologies company profile information to file the FTC complaint can be found here: https://www.bloomberg.com/profile/company/ARLO:US
SCKG - Thank you for providing these links. I just filed a complaint with the FCC and BBB. Hopefully, this will get Arlo's attention.
I thought I'd try 2FA - I am in the UK the SMS message takes forever to arrive, if it arrives at all. Anyone else see this?
I really hope this doesn't become mandatory.
As I purchased my system on Amazon, I just went there and gave a One-Star review and warned buyers to review this forum about Two-Step Verification prior to purchase. Typically, amazon reviews of on;y one star does get the sellers attention.
This is NUTS Arlo. A complete fiasco AGAIN. Everytime you implement a change, you stuff it up. Having 2-Step Verification every time I log in from my desktop is impractical. My Windows desktop should be able to be identified as a trusted device. I already have had to log into windows with a security code so my DESKTOP IS SECURE.
It appears that you are making this requirement mandatory at the end of September. Fine as an option, but PLEASE don't make it a requirement. From my perspective it is not needed and I don't want it.
Totally agree Chris K... this is a total pain in the ass...don't tell me that every time I need to activate my cameras I will have to wait for a SMS to my mobile...NO WAY. Sometimes I an in remote locations with no wi fi or mobile signal.
If this is the case will be dumping ARLO and seeking alternative.. totally ridiculous and over reaction to security risks which I can cover off myself with out all this over kill.
You're right Bakker, it is over kill. We turned it on, can't use it if it won't maintain the "trusted devices" as a part of our profile record with Arlo. We have family members that monitor the activity on our three camera's throughout the day and we should only have to set up "trusted devices" once, not every time anyone logs in. We have now turned this "exhausting new feature" off. It is painfully obvious that the term "fully tested" may be confusing for someone that has a Software Engineering Manager breathing down their neck to get the latest update released as the new release is one of that departments performance parameters on the books with their CIO. We thought we would be safer by installing your nifty Arlo camera's, but apparently your Board of Director's are more interested in their "performance parameters" than our collective safety. We no longer feel safe.
I'm another person that uses the Arlo API. If that breaks with two-step authentication I'll drop Arlo and move to a RaspberryPi based solution.
It seems strange, normally a company would jump at the chance to build brand loyalty and create stickiness by opening up the platform. Really surprising that this 173 message thread has zero response from Arlo addressing the community's issues. Not a confidence builder.
Apple TV App
Applications mobile et en ligne
Arlo Mobile App
Arlo Pro 2
Arlo Q (Plus)
Arlo Web and Mobile Apps
Before You Buy
Détection de mouvements
Firmware Release Notes
IFTTT (If This Then That)
Modes and Rules
Online and Mobile Apps
Online und mobile Apps
Service and Storage
Warranty & Contracts