Re: Mandatory Two-Step Authentication (Verification) a Bad Idea

HogRyder
Guide

ARLO sucks!  Chatted with them and they don't care what we think!  They ripped me off!

Model: VMB4540 | Arlo Pro 3 SmartHub
HogRyder
Guide

ARLO doesn't care!

Model: VMB4540 | Arlo Pro 3 SmartHub
glcjr
Star

Ain't that the truth?

But it cost them some money. I went from having 5 Arlos to 18 Blinks with 5 of the Blinks being put where Arlos were. If they weren't ridiculous in thinking they need to protect me from myself, the additional Blinks would have been Arlos.

The 5 Arlos are still up elsewhere but when the final nail is put in with their 2 step decision, they'll be taken down or used as decoys.

dcfox1
Master

@glcjr 

Since Blink has 2FA what is different or is it an option?

NoFun
Aspirant

This is definitely going to be the straw that breaks the camel's back for me. It already takes an eternity to log in, wait for the cameras to connect and then actually view them, plus with the camera lag there is no way to respond in time to anything... and now throw mandatory 2FA into the mix; not even my bank does that.

It's clear these devices are not made for customers, they are made to make money.

glcjr
Star

They actually know how to implement it. It only asks the first time you sign in with a device.

The downside of Blink is that you can only view the cameras on a phone, tablet or a device that integrates with Alexa and is compatible, like Fire TV.

Another bad thing is that there's no way to share the camera views with someone else. They have to have the login details.

Chris67
Luminary

The point that people are making is that 2FA is required every time one signs in from a PC. A PC is not recognized as a trusted device. Smartphones and tablets however appear to be seen as trusted devices and 2FA is only required on the first instance.

I personally use my PC most of the time for viewing my library and quite often for viewing live feeds and it is extremely cumbersome and impractical to have to go through 2FA each time I log in. What is the problem with a PC not able to be recognized as a trusted device?

Model: VMB4000 | Arlo Pro/Pro2 Base Station
BigPoppa
Guide

I too use my PC most of the time and don't want to have to wait for a text message each time.

I really can't understand the reluctance to appease the customer base. It's odd.

Model: VMB4500 | Arlo Pro/Pro2 Base Station
oillogger
Apprentice

I totally agree with those being unhappy about the new two step verification. I also believe Arlo personnel were acting to protect their customers from hackers unless they would rather lose customers, which would be real stupid. I fault Arlo personnel for not thinking through their method as well as they should have. Yes, the two step verification for PCs is a real pain that could make Arlo a useless chunk of equipment for their customers. If I was Arlo I would respond to all their currently angry customers that they were working to make the two step verification process easier for PCs. One way they could make the process better for PCs is to ask the owner once, the first time your cell phone was used to verify your PC, if you would like to remember that computer and ask for a code word as an additional step or maybe the picture blocks verification after logging in. Arlo could save the PC's MAC address so it would know it was an approved PC by the Arlo customer. During the process for a PC they could go through some one time extra steps such as also verifying by way of email as well as text message. What I suggest would only be a one time pain for each PC. Once set up you only provide login and then code word or picture block. If that is too much trouble you can at least for now do what I do, which is use an Amazon Echo (Alexa) device and an IFTTT account to arm/disarm your system by way of your chosen voice commands. Google Assistant and other devices may work as well. Hopefully Arlo has figured out their customers are extremely unhappy with the Arlo designed two step verification process.

Model: VMB3500 | Arlo Base Station
EOSJOE
Apprentice

"I totally agree with those being unhappy about the new two step verification.  I also believe Arlo personnel were acting to protect their customers from hackers unless they rather lose customers which would be real stupid.  "

 

There's nothing wrong with extra security for folks that want or need it but what about the vast majority of the rest of us? Leave the security choice up to the customer. Some folks use their cameras in a shared environment to monitor things for which they have no need for passwords or security.

SCKG
Apprentice

I agree with your suggestion with the caveat that some of us do not use cellphones. I use my PC for everything. A text message isn't an option. Either a telephone call to my landline or an email verification could be alternative options.

SCKG
Apprentice

I agree that the customer should be able to make the decision. The Arlo system is on my home network which is quite secure.

I do have 2 Step Verification for my WordPress site which uses email or a text message. I chose email and it was my decision if I even wanted the 2 Step Verification.

oillogger
Apprentice

To ensure all understand what I meant by picture block verification, I have posted the first example I came across.

select-all-images.png

Model: VMB3500 | Arlo Base Station
kensington
Initiate

We seem to go in circles here ... we simply need 2FA implemented properly:

- Computers can be trusted devices, so 2FA process happens only once per device

- Copy/paste of 2FA code (instead of one form field per character)

- 2FA should not be mandatory until the kinks have been worked out
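
A sketch of the first point in the list above (a computer marked as trusted after one successful 2FA), as an added example that is not Arlo's code or part of the original post. The function names, the token layout and the 30-day lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
TRUST_TTL = 30 * 24 * 3600            # assumption: each device re-verifies after 30 days


def _sign(payload: str) -> str:
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_device_token(user, now=None):
    """Issue only after this browser has just passed the second factor."""
    now = time.time() if now is None else now
    device_id = secrets.token_urlsafe(16)  # random id, not a hardware identifier
    payload = f"{user}|{device_id}|{int(now) + TRUST_TTL}"
    return f"{payload}|{_sign(payload)}"


def needs_second_factor(user, token, revoked_devices, now=None):
    """Return True unless the cookie proves this device was trusted for this user."""
    now = time.time() if now is None else now
    if not token:
        return True
    try:
        payload, sig = token.rsplit("|", 1)
        tok_user, device_id, expires = payload.split("|")
        expires = int(expires)
    except ValueError:
        return True  # malformed cookie: fail closed
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return True  # forged or edited cookie
    if tok_user != user or device_id in revoked_devices:
        return True  # another account's cookie, or a device the owner removed
    return now >= expires  # expired trust falls back to a fresh 2FA prompt
```

A browser login does not expose the PC's MAC address to the server, so the trust marker here is a signed cookie; it should be set with the Secure and HttpOnly attributes.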

 

OttToyBoy
Star

@Chris67 wrote:

 Smartphones and tablets however appear to be seen as trusted devices and 2FA is only required on the first instance.


This is not accurate in my experience.  I had to 2FA on an iPad each and every damn time I picked it up to monitor the cameras.  It was simply unusable until I turned off 2FA entirely.  I have been assured by Arlo support that the Arlo Baby cameras will not require 2FA (but I will believe it when I see it...)

Model: ABC1000 | Arlo Baby
OttToyBoy
Star

@kensington wrote:

- 2FA should not be mandatory until the kinks have been worked out


I can't disagree strongly enough with this. No matter how well implemented 2FA is, it will inevitably be required at exactly the wrong time (for example as your home is being broken into or your elderly mother has fallen or the baby is in danger). Even a perfect implementation will re-authenticate on a schedule (once per month? once per year? It doesn't matter, it will happen.)

I need this to be optional. Period.

Model: ABC1000 | Arlo Baby
nsleigh
Tutor

Other thing I have found is that the text message cost me money (and took a long time).

oillogger
Apprentice

I do not mind two step verification for security of our Arlo camera systems as long as they have an easier method. I also agree in allowing the customer to opt out of the two step verification but to do so I could see Arlo requiring you agree to a liability release statement periodically or at every login.

Right now the customers should be pissed. At the same time, for a quicker solution, it helps to provide them with acceptable to you solutions to ponder.

Model: VMB3500 | Arlo Base Station
EOSJOE
Apprentice

"Other thing I have found is that the text message cost me money (and took a long time)."

 

That's my issue. I only get 200 text messages per month and then I have to start paying per message. In over 12 years I've never gone over 200 because I don't text much.

nsleigh
Tutor

Inbound shouldn't be chargeable but it seems to cost me because the inbound comes from the US and I am in the UK.

oillogger
Apprentice

Number of text limits and any applicable extra text charges are real issues when using Arlo's two step verification that may not have even been considered. I suggest all affected by those issues firmly make those points to Arlo a few times.

The original beauty of the Arlo camera system is you purchased it, set it up, and never had to pay any other fees unless you chose to. It appears Arlo is slowly pushing the customer into fee based services.

To increase their declining business the old style wired system providers are now offering access by app but the wired systems still have the risk of local only storage. I do not know if they charge fees for app access and am curious if they do.

Model: VMB3500 | Arlo Base Station
Oldgeezer56
Guide

I have tried to use 2FA on my PC but where does it allow you to default to an email instead of SMS which I cannot use due to bad cell coverage?

OttToyBoy
Star

@oillogger wrote:

 I could see Arlo requiring you agree to a liability release statement periodically or at every login.


Liability for what, exactly? Simply document exactly how it works and provide industry-standard security for streaming and then let us decide if it meets our requirements or if we want to turn on optional 2FA.  I hope this isn't something stupid being thrust on the rest of the world due to the overly-litigious U.S. society (apologies for the politics, but it is objectively true...)

Model: ABC1000 | Arlo Baby
EOSJOE
Apprentice

While having the customer agree to a waiver when they disable 2FA instead of at every login makes sense, I can't believe that somewhere within the current licensing or usage verbiage that Arlo hasn't already included language that protects them from any action due to unauthorized data access.

oillogger
Apprentice

I agree with your description "overly-litigious U.S. society" and also do not like it. Unfortunately that is the world we live in. Most companies desire to distance themselves from any risks you decide to take or can be remotely placed on them. Try reading the pages of disclaimer/warnings for different medicines which pretty well defines "overly-litigious U.S. society". Also remember to not thank the woman that sued McDonald's for providing her with hot coffee.

Model: VMB3500 | Arlo Base Station