Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
jankyupeblik
Guide
Guide

Haven't enabled 2FA.

Looking forward to my Arlo cameras continuing to work as "well" as they normally do tomorrow, or...

...getting several hundred dollars refunded to me (and your company being at fault should anything a functioning security camera system might have mitigated occur during any interim period). 😃

It's up to you, Arlo Technologies, Inc..
If you think I'm simply going to eat an investment of several hundred dollars, you are sorely mistaken.

Mr_Apnea
Aspirant
Aspirant

Found this community to see how people are dealing with the mandatory 2 step authentication.  Looks like Arlo boned us.

I went ahead and activated it and confirmed that it wanted a verification code with every web login via text or email.  I left it activated since I assume we have no choice now.

 

Success

I then tried something that I hope still works tomorrow and stays that way and makes this painless for me.

I granted access to a secondary email address and set up the account for it (email address and password).  See the option under settings called GRANT ACCESS.   I opened up a new web browser.  Only needed the email address and password to get on.  No request for a verification code.  Good enough for me to watch my videos easily. 

jankyupeblik
Guide
Guide
Still working without having opted into 2FA so far.

Haven't been logged out and had to log back in yet, though.
EOSJOE
Apprentice
Apprentice

>  Still working without having opted into 2FA so far.

> Haven't been logged out and had to log back in yet, though.

 

I've been logging in and out from my PC all morning, accessing both the cloud and camera live-view. No changes so far.

 

ScottSAZ
Tutor
Tutor

When 2FA is enforced as mandatory I plan to open a support ticket to complain. I suggest everyone do the same as well as report this to the BBB.

SCKG
Apprentice
Apprentice

👍

dcfox1
Master
Master

Not sure if it wasn't implemented yet today but for anyone who had it on before, are they able to turn it off. I had it off and it is still off. Just curious. 

SCKG
Apprentice
Apprentice

Yes, my setting is still in the OFF position - not enabled.

dcfox1
Master
Master

I was referring to if it was on and can they still turn it off. I had mine off like you and stayed off. 

storgeman
Apprentice
Apprentice

No 2step verification here in AZ.   This is interesting, maybe they had a change of heart, or they are waiting for End of Year.    But I'm not switching.

 

 

RandyQUATTRO
Star
Star
So I posted about this on their Facebook page and received a response that existing users have until the end of the year and this was supposedly just for new members. Doesn’t make sense to me, but I did not enable and my system is functioning as normal.
CCNE37
Apprentice
Apprentice

I am in Australia, so we ticked over to 1st October 2 days ago. The only "change" I have seen is that it asked me to enter my password yesterday morning (1st) whereas my password is usually pre-filled/remembered by Firefox.

 

I entered the password and it logged in as normal, and this morning it was as normal. I have also logged in via my iPhone (which of course logs the desktop out), and logged back in on desktop as normal.

 

I had enabled 2FA on 30th, and after the useless waste of time with online chat I disabled it again (still on 30th), and haven't been asked for anything so far.

SCKG
Apprentice
Apprentice

I sent Digital Trends a link to this forum.  In September 2020 they rated the Arlo Pro 3 Security Camera System as the Best Security Camera System:  

 https://www.digitaltrends.com/home/best-security-camera-systems-for-small-businesses/

 

I thought it may be informative to share how Arlo customers rate their customer service....

jankyupeblik
Guide
Guide

> existing users have until the end of the year

 

If that's true, then Arlo has until the end of the year to figure out how to convince a judge that I signed off on a condition that was completely and utterly not present during my purchase, or even many many months afterward, which is fundamentally not required for the purpose or utilization of the product, as evidenced by the fact that I'm not using it, never have used it, and never will use it.

 

Or, they can give up on this nonsense and spend their time on making the software less buggy or something instead.

Mr_Apnea
Aspirant
Aspirant

 I'm staying with enabled 2FA.  Grant access to another is working fine and doesn't require verification.  Elderly mother can use the web brower now without trouble and so can I, so I'm staying put and leaving the primary account as 2FA - issue is invisible to me now.  I can handle 2FA on the primary login fine since I don't need to go there very often.  Hoping and expecting to be able to avoid the drama on 12/31/20

Macahi
Apprentice
Apprentice

I enabled 2FA last week Fri, then had my long, pointless chat with their support (see my post a few pages back).  At that point I disabled it.  Each time I loaded the app on my phone, it still prompted me to enable 2FA.  The magical date has come (and while it's not over yet) seems to have passed without enforcing the required 2FA.  I am also no longer getting prompted to turn it on/enable it.

 

I think the face book post referred to by @RandyQUATTRO is BS.  This is the first time anyone has mentioned EOY.  I think they're playing CYA.

 

If they have changed their minds and aren't enforcing the 2FA as of today, there's been zero communication about it.  Status quo.

RandyQUATTRO
Star
Star
@Macahi

I thought that it was a strange response as well. What’s weird though is that this was 2 weeks ago. Screen shot attached. Many more potential customers reading their Facebook post so agree, CYA.

1CDD19A2-C844-450E-BB0E-567B328AB53E.png
DanielRK
Tutor
Tutor

Once again Arlo is making this system worse, and doesn't give a damn about their customers complain.

I should never have, and will not buy anything sold by them again.!!!

dcfox1
Master
Master

Screenshot (15).pngNow I  just the amber or as some see as orange that 2FA will start Oct 31. 

SCKG
Apprentice
Apprentice

Is this alert on the app?  I only use my laptop and do not see an alert.

dcfox1
Master
Master

I have it on the web portal. Even here in forum i get it on tablet  I have not seen it yet on app. Guess mods are gone for the weekend to approve the upload pic of it. 

kheland
Aspirant
Aspirant

I agree that mandatory 2-step verification is a bad idea especially since I can save my laptop as a trusted device. But I was completed locked out on my laptop after I set up 2-step on my iPad and save my iPad and other mobile devices as trusted devices. Arlo chat really couldn't help me resolve the problem, but I did a little troubleshooting and here's my solution:

I fixed the problem myself by doing the following: I disabled 2-step verification on my iPad. Then I deleted all the trusted devices and my cell phone in the settings. Then I enabled 2-step on my iPad, and added my cell phone as the first authentication process - i.e. the Primary. Then proceeded to save my iPad, my wife's iPad, and both our cell phones as trusted devices. I had to turn on notifications in each of those devices to do that, but once they were accepted I was able to turn off the notifications. Now it is working the way I want - I get cell phone notifications when I try to login from a non-trusted device. I don't mind having to use the cell phone to verify on my iPad, since I am used to doing that with financial websites, etc. 

MikeBravo
Luminary
Luminary

Can you imagine GM, Ford, Chrysler, etc. telling you suddenly that before you can drive your car, you have to reprogram the car's computer? Well, wait I have the key fob, why am I.......

 

It's sad and pathetic that you had to go through all that just to use something you have used successfully (tongue in cheek there) and all of sudden, for NO APPARENT REASON, you are now restricted in ways you find no good reason for. 

 

WE'RE STILL WAITING FOR ARLO\NETGEAR TO PROVIDE ANY REASON OTHER THAN SOME SUPERNUMERARY EXECUTIVE CAME UP WITH THE FIRST IDEA OF HIS\HER LIFE AS TO WHY SUDDENLY WHY ARE BEING FORCED TO DO SOMETHING WE DON'T BELIEVE WE NEED-----PARTICULARLY WHEN IT DOESN'T EVEN WORK CORRECTLY.

 

You know, Comcast, Dell, GM, Medicare, Amazon, Google, etc. have no problem sending out blast e-mails to its customers to update them on important issues. 

Why can't Arlo\Netgear????

CCNE37
Apprentice
Apprentice

I don't really have a huge problem with Arlo implementing 2FA. PLENTY of other companies / system force you into it, including banks.

 

It is really all about the execution of HOW they implement 2FA, not IF they implement 2FA. Every other system I use that has 2FA allows you to authorise a device as trusted and the system remembers it, so that every time you use that device going forward there is NIL interference. This is not the case with Arlo's implementation of 2FA, and that is the real issue.

 

I actually find it quite ironic that Arlo is implementing 2FA to improve the integrity of the security system - after completely wrecking the actual usefulness of the Arlo Pro2 (and other) camera systems as a security device through their excessive reduction of the bitrate to a point where the video files are so poor that they are useless for security purposes.

 

If they really want to enhance the integrity and usefulness of their camera systems, then take the bitrate back to where it was a couple of years ago - where the videos could actually be used for security purposes.

 

And for the record, this has nothing to do with Netgear AFAIK. Arlo parted ways with Netgear some time ago, and all things Arlo have gone down the toilet since that happened.

MikeBravo
Luminary
Luminary

Agree with you completely on the loss of video quality and Arlo's incredibly tone deaf priorities.

 

However, of all the companies we deal with either on the Interent or over the telephone, only a handful (and they started out that way) insist on 2FA. As a matter of course, we embrace 2FA for all financial access, but my point with Arlo is that we believe that this is a solution looking for a problem that doesn't exist.

 

We suppose someone could use access to determine if someone home for criminal purposes and if that's the case Arlo should inform us if they are receieving many complaints.

 

Other than that, we reiterate our belief that Arlo could avoid a great many complaints if they would merely notify us via e-mail as most other reputable companies do as to changes in things and rationales for why they are doing it.