Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
t0mmel
Initiate
Initiate

Absolutely agree. Two-factor authentication is *not* a better security solution, it's just a variation, and it does not suit everyone, and so it should not be mandatory. You are putting all your eggs in the 2fa system working always, and saying that it's more important to have 2fa, than it is to ensure that users can always login. That is up to the users to decide. I prefer having a password manager with very high entropy passwords, instead of using 2fa. That is my choice. Not arlos.

 

I can ensure you that I am finished with anything that has to do with Arlo if this becomes mandatory.

Gene2916
Star
Star

I have been switching my 6 Arlo cams to Ring and everything is great for me! My opinion is that is Ring is everything Arlo use to be and more!

MikeBravo
Luminary
Luminary
oillogger 
 

 

Apprentice

I have 2FA turned on and it requires a SMS code.  When I logged into my Arlo account I also notice all recording and last camera image was missing.    I did a live view on one of my cameras and afterwards the last image was present for that camera.  It appears Arlo may have been working on the server and did some sort of reset.  Let's hope it was because they were working on our 2FA issues.

 

You might be right. Just yesterday we noticed that several of our cameras had a last image that was a few days old. When we tried to go live wth them, they wouldn't connect, they were dead.

 

After a dreaded reboot of our base station (often this makes it worse and requires several reboots to get ALL the cameras up at the same time) the last camera images caught up (so they must have been still working, just unresonsive to us) and then we could connect.

 

So, if that's what they are doing, fooling around trying to get 2FA to work properly, would it kill them to sent out a blast E-Mail and clue is in?

Arlo, hello?

Dave115
Tutor
Tutor

2FA is a great idea. Lots of companies use it, some are optional that I have used in the past but can't remember which ones.  The web sites I have used authorizes either my PC or phone depending on which one I am using at the time.  Arlo wants to make your PC a pain to use so you will stick with your phone.  That seems to be working on me!  I'll grab my mouse and think about logging in on the PC then quit because of 2FA so I grab my phone and look at my cameras.  How hard is it to authorize a PC everybody does it.  Come on Arlo give us some answers.

oNeRf
Guide
Guide

My Arlo no longer records video on motion or sound dection. I go to this community to find I'm required to setup 2FA. Why? My account is anonymous an I use VPN  to protect my personal privacy. Is Arlo cooperating with the Fed's to spy on my personal matters at home by obtaining my telephone number? Only I should tell myself whether I should turn on 2FA, not Arlo. Either I record video locally from now on or I sell this intrusive junk and buy a different product.

LandJS
Mentor
Mentor

I found that it did recognize my computer, for about two days and then it all went **bleep** up and I do not believe for a min that my pc is more unsafe than my phone, that's BS, your phone is just another computer.  Also what if you gave a family member access are they forced to only use a phone or wait for you to call them with the code ?  The pc does use e-mail as an alternate and it does work but how often does a e-mail go right through ?  This is a security system not a after the fact source.  My phone is already set for fingerprint to access Arlo so unless someone steals my thumb it's as secure as I want it.

Anti-Two-Step-V
Initiate
Initiate

Yes, this happens to me as well. Fortunately I live in New Zealand and I can pack up the system and take it back to the shop for a refund under our consumer guarantee laws. Can you imagine how frustrating it is accessing Arlo with THREE different devices? I was going to put Arlo around my house in Wellington - but I won't be now unless they FIX this issue - it is bad enough with one Arlo account with two step... what will it be like with two accounts on my phones and computers?

.... By the time I find my phone... the window is broken and the TV is gone. Pathetic.

t0mmel
Initiate
Initiate

As mentioned by others, it is a change in the fundamental usage of the system to require 2FA to login. That means that I under danish law will be open to requiring a refund of the product.

 

If this decision to implement and require 2FA, in either Push notification or SMS is forced upon users, making it mandatory, then I will be applying for a full refund of the camera system, claiming under danish consumer protection law, that the products functionality has changed in a way that degrades the usage of the original product.

 

Reverse the decision to make this authentication a mandatory requirement, or the consumers will require refunds of the products.

ChadSmith
Star
Star

Australian Consumer guarantees are pretty clear on this as well. And the only reason I have not acted upon it is that it is not yet mandatory.

 

The first sentence on the page:


Under the Australian Consumer Law, when you buy products and services they come with automatic guarantees that they will work and do what you asked for.

Furthermore, it states:

be fit for the purpose or give the results that you and the business had agreed to


MikeBravo
Luminary
Luminary

Hey, wake up America.

 

New Zealand, a bunch of good folks, took care of their own, why can't we?

 

We need some recourse to unload this junk without taking it in the neck.

MikeBravo
Luminary
Luminary

Great people those Danes.

 

Hey, America, are you listening? 

 

Why can't we be as well protected from unscrupulous businesses?

MikeBravo
Luminary
Luminary

Aussies, world reknown butt kickers.

 

Hey, America, we are we so less worthy of protection?

oillogger
Apprentice
Apprentice

Having consumer guarantee refund laws may be a great idea but it also comes with unwanted baggage.  For the mfg to cover consumer guarantee refund laws such as in New Zealand the mfg must account for the potential income loss and adjust up the cost of the product and associated costs such as in this case monitoring charges.  I am not rooting for either way but as always, "Choose wisely Grasshopper."  New Zealand may be a small enough market share for Arlos there was no price adjustment to cover their laws.

LandJS
Mentor
Mentor

The MFG must account for losses ?  How about the consumer losses when something isn't working as it should, wish we had the same protections here.  Where lemon laws were put in place it made a big difference in how some businesses did business.  If you can't easily access your system, it isn't a security system period.

oillogger
Apprentice
Apprentice

The New Zealand law was not created and imposed by mfg.  Lemon laws do serve a good purpose to assist the customer with the occasionally lemon.  I had a vehicle that took too long for the long list of problems to show up to use our lemon law.  Keeping the vast majority of their customers happy is the direct responsibility of the mfg and associated loses.  A unhappy customer base is usually the result of a poorly run business.

MikeBravo
Luminary
Luminary

Loss or not, they're going to pass any costs on to us no matter.

Erilekn
Apprentice
Apprentice

Hello Arlo! I dont want two step verification. Why do i need it? It just make problems for me!

dshizak
Initiate
Initiate

Just setting up the 2 factor authentication.  Is there any way to send the code to 2 iPhones?  My wife and I both check the cameras throughout the day, and it appears that the codes only go to the primary trusted device (mine) and if we are not together, then she can't view the cameras.    I have both numbers saved as trusted devices, but only one is primary.  Surely i am missing something obvious? 

nsleigh
Guide
Guide

Microsoft urges users to stop using phone-based multi-factor authentication

 

Wouldn't work for everyone but a better solution than SMS.

ChadSmith
Star
Star

And NIST blog clarifies SMS deprecation in wake of media tailspin

"Agency goal is two-factor authentication for all levels of security assurance, but SMS is not on preferred factor list"

LandJS
Mentor
Mentor

dshizak are you both accessing the same account, if so that would likely be the reason.  I gave my wife access permission and she set up her own account.  Remember to give her all permissions if you want her to be able to make changes.  If not you can't both check at the same time without knocking the other off.  We often do in the mornings or when we get a notification and doing so my phone is the primary on my account and hers is the primary on her account so I get a code if I access and she gets a code if she accesses it.

connect8663
Aspirant
Aspirant
Re: Mandatory Two-Step Authentication (Verification) a Bad Idea

Why they ask only for my phone no Not email for verification???!
SCKG
Apprentice
Apprentice

I am now seeing "Error - Token is Expired" "Two-Step Verification" flashing on my screen when I login.  I can still login as normal - without enabling Two-Step Verification.  If they do enforce Two-Step Verification without an option for email I will be unable to use the system.  I do not use a mobile phone. 

 

Million dollar question:  Will Arlo address the hundreds of customer complaints, Better Business complaints, etc.?  Or are we venting for naught in the etherspace?

Gene2916
Star
Star

It looks like a class action suit coming!