Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
storgeman
Apprentice
Apprentice

I have to agree totally.  My bitrate is ZERO !  For the past 2 weeks I have not been able to view any one of my library (ie their server where the videos are kept) on any device other than my phone.   Phone app works great.   Nothing on my desktop if viewable (Other than a live view), it just keeps saying its "LOADING"  with the spinning wheel.   Was going to report my problem, but I'm getting to close to fill my garbage can with arlo products and do a replacement.    Sad situation as it is.  

MikalB
Guide
Guide

Same here too.  Some of my cameras were barely working adequately before but for the past two weeks these cameras will not work at all.  Only green pixilated images that only record 2-5 seconds.  They simply will not function anymore.  My Arlo Go just stopped working altogether so I canceled that service and my 19 other cameras are slowly failing.  

 

I am testing a couple other brands right now so as soon as I figure out which company I want to go with I will be dumping the Arlos.  I just need to test a little longer before I make the investment.

dcfox1
Master
Master

This is the 2FA thread. There is one for the pixel problems and green screen or you can start a new one. 

ant
Mentor
Mentor

@dcfox1 wrote:

Screenshot (15).pngNow I  just the amber or as some see as orange that 2FA will start Oct 31. 


From my iOS app earlier today. 😞

ant
Mentor
Mentor

@Retired_Member wrote:
I use cron to run a Python script daily to automatically check the battery level of my Pro 3 cameras and send me an email if the level drops below 20 percent. This will not be possible if mandatory 2FA is implemented. Please keep it optional.

Ooh, can you please kindly show us your script?

MikeBravo
Luminary
Luminary
 

 

 
ant 
 

 

 
Prodigy
@rc7009 wrote:
I use cron to run a Python script daily to automatically check the battery level of my Pro 3 cameras and send me an email if the level drops below 20 percent. This will not be possible if mandatory 2FA is implemented. Please keep it optional.

Ooh, can you please kindly show us your script?

 

Hell, I'd pay for the thing and install instructions.

Retired_Member
Not applicable

I used the arlo package written by Jeffrey D. Walter to write the below script. Actually, I used his script as seen on the web page as the starting point for my script.   Below is a working though slightly modified script of what I use at home. I wrote the below code on a Linux Mint 19.2 system but also tested it on an Apple Mac running Catalina Version 10.15.7 and Windows 10. Insure the first line of the script points to the actual path of your python executable for Linux and Mac. In Windows 10 because I had the python's executable path in the env path the first line of the script is ignored. Because both Linux and Mac come with python installed I did not have to install it or the pip tool which is used to install python packages such as arlo. With Windows 10 I had to install python and then update the env path to both python and pip. Once that was done I installed the arlo package on each of the 3 systems (Linux, Mac, and Windows) by running the following command: pip3 install arlo

 

Note: If Arlo changes the name of 'batteryLevel' to something different or in any way changes the format of their data returned by GetCameraState() function this script will break. I say this as I have in the past had these types of issues with other programs when their returned data format changed. Also, if Arlo forces its users to use 2FA this script will be rendered useless 😞

-------------------------------------------------------------------------------------

#!/usr/bin/python3

 

# Get the battery level for each camera and display on screen.

import os
from arlo import Arlo

 

USERNAME = ''
PASSWORD = ''

 

try:
   arlo = Arlo(USERNAME, PASSWORD)

   device = arlo.GetDevice('Arlo Camera Hub')
   cameraData = str(arlo.GetCameraState(device))
 

   # Get the 1st 'batteryLevel' from the cameraData string.

   indx = cameraData.index('batteryLevel')
   tmp = cameraData[indx+15:indx+18]
   hallCameraBatteryLevel = int("".join(filter(str.isdigit, tmp)))
   print(hallCameraBatteryLevel)

 

   # Get the 2nd 'batteryLevel' from the cameraData string.

   # Notice I added the previous indx+18 to the following line    # to get the next 'batteryLevel' from the camerData string.    # You would use the same indx+18 for the 3rd, 4th, etc cameras.

   indx = cameraData.index('batteryLevel', indx+18)
   tmp = cameraData[indx+15:indx+18]
   denCameraBatteryLevel = int("".join(filter(str.isdigit, tmp)))
   print(denCameraBatteryLevel)
except Exception as e:
   os.system("echo %s|mail -s 'Arlo issue. Check myarlo.py.' my_email@gmail.com" % e)

-------------------------------------------------------------------------------------

meltaxa
Initiate
Initiate

I leverage the fantastic Python Arlo libraries written by the community to secure my home. In fact, the Arlo camera + Python scripts have saved my home from a burglar. I've written and endorsed my Arlo setup which has attracted viral attention on Reddit: https://www.reddit.com/r/raspberry_pi/comments/j4386d/how_my_raspberry_pi_chat_bot_prevented_a_burgl....

 

Enforcing MFA will render my python scripts useless. I will have to resort to finding an alternative security camera system that embraces API and community support, and update the article accordingly. 

 

Since I'm here, can anyone suggest an alternative competitor, preferably that can communicate via a Python API library ? 😉

j_hoekstra
Aspirant
Aspirant

Please make it optional or provide means for using API credentials or app-passwords.

StuartElliott
Tutor
Tutor

Where's the offline method, such as Google Authenticator/Authy?  I don't want to give you my mobile number or have to wait an age for emails, just so I can look at my bloody cameras ?

Pete811
Initiate
Initiate

Is there any way to use e-mailas basic verification?

RobertSF
Star
Star

I see no other replies to your question, but I can say that I have the same problem.  My understanding was that the system would only ask for the two step verification if you were signing in from a device it didn't recognize. Well, I have been signing in from the same device every time, and it still keeps making me enter the verification code.  This is ridiculous.  I think that there is a problem with this new method that I hope that ARLO will fix ASAP.

Oldgeezer56
Guide
Guide

My PC requires me to get an email each time I login but my tablet is a trusted device and does not need verification each time.

oillogger
Apprentice
Apprentice

If I was Arlo I would have:

1. The ability for more than one phone number to verify the account login.

2.  The ability to pick from list of authorized emails for alternate authorization.

3.  Use the MAC addresses of verified devices to no longer require the authorization step.  Bypasses the popular issue of someone using a VPN.

 

Of course there should be some limitations for the number of phone numbers, emails, and devices.

MikeBravo
Luminary
Luminary

MAC addresses are no good for verification. They can be too easily spoofed.

oillogger
Apprentice
Apprentice

MAC addresses are unique to hardware but plausible they could be spoofed.   So how is Arlo determining verified devices?  Regardless we need the ability to identify our secure device so as not to require the two step verification process.  I also say let us decide if we want the extra risk of not having a two step verification login process even if we have to agree to an disclaimer.  My Arlo cameras are for the low tech, quick rewards, snatch and grab, criminals that want TVs, jewelry, small amount of cash, etc. so what I am only protecting would have little impact and some items would require an lengthy detailed search to find if ever found.   Of course physical harm is the main concern and I rather not be home at the time they decide to visit me.  My Arlo system is about alerting me and providing evidence to catch the snatch and grab criminals.  Since we are not on a hit list the smart criminals would only go after my other assets which are not at home.  If an smart criminal were to breach the original security on my Arlo cameras they would either soon die of boredom listening to us or go blind looking at our ugly butts.  It would be an fruitless effort on their part.  If I was concerned about the smart criminals breaking into my home I would have a much better and way more expensive security system than Arlo.

MikeBravo
Luminary
Luminary

We can only assume that they have developed lawsuit aversion. Perhaps they fear being sued if their buggy software can be easily breached and be used by criminals to determine if someone is home or not and\or if folks are using their arlo cameras indoor, as a way to learn the layout of a residence prior to a breaking in.

 

It's plausible that if someone can  breach the software, that they could override and turn it off altogether to avoid identification upon breaking in.

oillogger
Apprentice
Apprentice

Most of the homes that would interest an criminal that would hack your Arlo system will have a much better security system tying together cameras, wired window/door detection, wired motion detectors, wire fire sensors, wired glass breakage,  lights, battery backup, service interruption detection, wireless calling for alerts, 24/7 remote monitoring, etc.

dcfox1
Master
Master

@oillogger The 2FA is coming and other brands already have it or are going to it no matter if we like it or not. I'm not a fan of it but it is where we are in internet security. I had Ring and it was the same as Arlo but started earlier this year.

OttToyBoy
Star
Star

@dcfox1 wrote:

@oillogger [all cameras are] going to it no matter if we like it or not.


Personally, I'm not a big fan of this line of thinking. 2FA will fundamentally change the usefulness of these cameras. I need to have quick, easy, foolproof access to my cameras prioritized over adding an arbitrary security protocol that will inevitably block my access when I need it the most.

 

We consumers need to make our voices heard -- and keep making them heard Companies can and do react to customer feedback especially if it affects the bottom line.

 

The "solution" to this supposed security issue is worse than the problem - it renders the cameras useless for many of the functions that users traditionally use them for!   Although we're all just guessing what the "security problem" is since  Arlo hasn't even stated what it is that they're trying to address/solve. 

 

Perhaps we should be able to opt out of any cloud storage manged by Arlo.  Perhaps we need to have the ability to have local-only access to our cameras.  There are many ways to solve whatever security issue Arlo is trying to solve. 

 

They should have consulted with their customers before implementing this draconian measure and, at minimum, they should have grandfathered those of us who already owned any of their products and allowed us to opt out of 2FA so that we could the cameras for the purpose that we bought them for!

 

P.

Chris67
Luminary
Luminary
OttToyBoy , I totally agree with all your comments.

I have recently received and read Arlo’s revised Terms of Service dated August 26, 2020.

It states “Registration of your Arlo System is required. To register, you must provide and maintain accurate information, which may include: (i) your name (ii) your system identification number and (iii) an e-mail address.”

Interestingly, nowhere in the Terms of Service is provision of a phone number a requirement. 




 

ChadSmith
Star
Star

@Chris67 wrote:

Interestingly, nowhere in the Terms of Service is provision of a phone number a requirement. 




And, it doesn't require your phone number in your Arlo profile. But an email is required.

So why can't we use an email as a primary 2FA or Auth app instead of SMS? Because SMS is data capture by stealth under the guise of "security".

Retired_Member
Not applicable

I was forced to enable the Two-Step Authentication today on my phone and go figure it has a major flaw.  I see that I am not the only one having issues with getting my computer to be a trusted device on My Arlo account.  I cannot login unless I "Allow" it through a notification on my phone, and that is each and every time I login to My Arlo with my computer.  I am a single father with 2 kids, 12 and 14.  I assume they are going to have similar issues with their laptops at home and I have yet to get their phones setup as a trusted device.  The added layer of protection to my account is not worth the added amount of time it takes me to login if an intruder sets off my alarm.  The intruder would be in my house before the kids and I could get logged into My Arlo to see what tripped the alarm. 

 

Also, regarding the last upgrade to my Base Station.  Yes I know my damn camera's don't have AC power.  That is why I bought the wireless rechargeable camera system Arlo offers.  I don't need the warning "AC power has been disconnected from your Arlo device.  Activity Zones are currently disabled." displaying on all my cameras when I first log in to My Arlo.  Both these issues need corrected immediately.           

oillogger
Apprentice
Apprentice

AMEN!!! Unfortunately it looks like you are only preaching to us in choir as it appears the Arlo folks are not listening since we do not get much in the way of responses or concern from them.  The alerts you are getting should have been eliminated with basic testing before the software was released.  It appears Arlo has decided in an Soviet style their changes are the future way without exceptions nor adjustments regardless of the user/customer issues and complaints.  I really hope I am proven wrong and get to continue my five years of history of being a loyal fan of the Arlo system. 

MikeBravo
Luminary
Luminary

Take heart brothers and sisters in arms!

 

The technology is maturing. Even HP has gotten into the act with a Go Pro style cam of their own.

 

This is what Apple did the first time around that nearly drove them into bankruptcy until Jobs rescued them. 

 

The parent comapy, Netgear's line is suffering as well.