Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
SCKG
Apprentice
Apprentice

Please don't pick on the hillbillies!    

Hillbilly.jpg

 

oillogger
Apprentice
Apprentice

Please pass the jug this way and quit hogging it.

SCKG
Apprentice
Apprentice

😂

Gene2916
Star
Star

I gave up and switched all 6 of my Arlo cameras to Ring. Everything is now working great! What a waste of my Arlo cams!

 

MikeBravo
Luminary
Luminary
 

 

 
SCKG 
 

 

 
Apprentice

Please don't pick on the hillbillies!    

 

 

I'm not picking on them! They are great folks. They're just not generally noted for their technical prowess.

 

Same as Arlo.

oillogger
Apprentice
Apprentice

 Gene2916, With the Ring are you paying any fees?  If so about what are their rates?

Gene2916
Star
Star

Yes but it is a little less than I am paying Arlo.

CCNE37
Apprentice
Apprentice

I am interested in the Ring option.

 

One thing that interests me in particular is the scheduling ability. I use a lot of "Modes" for each camera and use the schedule to turn the 5 cameras on and off depending on time of day etc - for example, if we are home during the day only the front door is active, home in the evening only the outdoor cameras, and then through the night all are active. This is something that Arlo can do quite well, so I am interested in how well others (like Ring or Eufy) manage this.

caboy123
Tutor
Tutor

Does it seem like Arlo is intentionally trying to irritate customers to kill the product?

 

This product is becoming more and more unusable. It seems like Arlo management completely and willfully ignores feedback from customers on this forum. See the 300+ page thread on Arlo forcing 2fa, when no-one seems to want it. Also forcing the geofencing alerts to be always on too.

 

People on this forum are saying they are ditching the Arlo and asking for advise on which competitors product is better.

 

Is Arlo losing more money than they thought they would from providing free video archiving?

 

If we bought the product with one understanding and expectation, and Arlo has since changed that, is that grounds for a class action lawsuit?

 

ant
Mentor
Mentor

Does Ring requires subscriptions?

 

I finally tried 2FA in my iPhones and got already annoyed:

1. 30 seconds to approve in iPhones. This is too short! I'm old and slow.
2. I can't copy and paste from my Arlo's code e-mail to Firefox v82.0.2 web browser. I had to type this in. At least, no timer.

oillogger
Apprentice
Apprentice

1.  At least the short 30 second time limit should be an easy fix by Arlo.

2.  I have this issue at times when copying pictures or text.  When right clicking and copying with the mouse does not work  sometimes the keyboard commands will.  Also some websites will prevent you from copying their material.

ChadSmith
Star
Star
With the activation deadline expired, I see that I can still login without needing 2FA activated.
I wonder if they were bluffing, or incompetent.
Macahi
Apprentice
Apprentice

@ChadSmith 

It was never a bluff.  Maybe they're taking the outcry seriously, or they've realized for the 2nd time that they haven't addressed everything they need to in order to make it successful. 

 

What the community has asked for isn't unreasonable. 

  • the option of enabling or not
  • full support for browser as an authorized device
  • Push, email and text as options for the one-time device authorization.

As has become the norm however, Arlo communicates nothing to their users.  We're again left to guess what's going on.  That's one of their biggest problems.  Their other being some really bad UX designers.

stevespalding1
Guide
Guide

@Macahi The lack of communication is it would seem not limited to their customers. I have spoken to their technical support on a couple of occassions concerning the issue of their inadequate 2FA implementation and their own people aren't even kept in the loop. They are aware it's an issue from the amount of calls they get which are on this topic, but they have no useful information other than "to wait".  I'm done waiting. 

 

I tried the Amazon Blink XT2 after I found out about the news about the Arlo 2FA implementation some months ago and can confirm that the Blink XT2 is unreliable for my use case and a very poor alternative indeed.

 

Honestly, the lack of communication from Arlo and the conflicting messages from the app / web portal are going to push me at least to a less technical solution. I have had a need to expand my system for a while now but thankfully became aware of the issues with Arlo before throwing more money their way. Needless to say the way Arlo have handled this has cost them any future business from me. 

 

Once it's possible to get people out to do site surveys, I expect I will ditch Arlo and move to a wired camera system where *I* have complete control over the equipment and storage.

 

Amazon have back-tracked on their free cloud storage (as limited as it was, to 2 hours this is still a major betrayal as far as I'm concerned) for new devices and are yet to release a local storage option. There is nothing to stop companies such as Arlo, Amazon and any other similar cloud based service, screwing over their customers.  I personally feel it's time to cut my losses and look elsewhere.

 

The long and short of this entire 2FA debacle is that Arlo don't really want customers anymore as they are not prepared to listen or communicate with them.

 

This has dragged on for *months* and frankly, I'm done with Arlo.

 

 

 

oillogger
Apprentice
Apprentice

Wire security systems is usually the best route as long as you can protect the video storage device from the bad guys getting to it.  Also by far the hardest to install.  The beauty of Arlo was easy installation, simple maintenance, remote usually free storage, and ease of usage/monitoring across phone, tablets, and computers.  Now, not so much.  Arlo is regretfully slowly destroying all the advantages of their systems and it will eventually effect their sales.  It does appears the noise from the restless Arlo natives was loud enough to get their attention at least briefly.  We will soon see by their future actions if they choose the path of self destruction or the path of success.   Arlo was the wireless security camera system to beat.  Now there are several competing copy cat systems available.   Will Arlo lead the industry or fall to the wayside soon to be forgotten?  I am afraid of the ending of this story.

CCNE37
Apprentice
Apprentice

Agreed. One thing you didn't mention is that Arlo cameras also had fairly decent video quality, and they have effectively trashed that as well (at least on the Pro 2 models) with their ridiculously aggressive bitrate reduction - the videos are no so compressed that they are usually pixellated and unusable for any security purposes.

 

So, yes, it does almost seem that Arlo (since leaving Netgear) has deliberately set out to destroy their product and alienate customers, which is not a great business model, so this will probably not end well for them or their customers. Unfortunately with the current lack of local storage, if Arlo shut up shop, the products instantly become paperweights.

 

I do notice that in addition to the zero communication from Arlo on the 2FA, they actually still have the orange warning to activate 2FA by 31 October, so they haven't even updated their own website.

 

MikeBravo
Luminary
Luminary

We suspect that most of their decisions are kneejerk responses by the very top echelon of the company reacting to something a colleague or friend in a similar or ancillary industry suggests over drinks or something which is typical of the tech business. Its why Gates and Jobs for example, but also HP, Dell, Gateway, Packard Bell and many others, made so many mistakes early on.

 

If these decisions were being made by the middle level engineers and marketing folks who work with the product we doubt that their would be so much confusion and so many snafus.

 

We increasingly believe that the lack of communication with the customers especially is another symptom of the top level management holding too close control, just like Gates and Jobs did until their organizations got so big they had to loosen the reigns.

MikeBravo
Luminary
Luminary

We think their biggest mistake was the cloud storage.

 

Trying to be like AWS, ADT, IBM, ATT and others, making most of their money off of storage has crippled their product and inspired all these issues that followed.

 

We'd much rather local storage which is much more secure and private. 

 

Without the cloud, we'd bet that a lot fo the latency issues would disappear.

oillogger
Apprentice
Apprentice

MikeBravo, The latency issues would at least be reduced without cloud storage and local storage may be more secure and private from the hacker.  Without cloud storage your recorded evidence for a break in is far less secure.  Without cloud storage the bad guy looks up and sees an Arlo camera hanging off the side of your home or business and says, "Bro, they have Arlo cameras.  This will be easy!  Just gotta find the Arlo base and take the small memory stick in the back of it."  The homes and businesses with Arlo security systems would become an easier target even for the dumber bad guys.

OttToyBoy
Star
Star

@oillogger wrote:

Without cloud storage the bad guy looks up and sees an Arlo camera hanging off the side of your home or business and says, "Bro, they have Arlo cameras.  This will be easy!  Just gotta find the Arlo base and take the small memory stick in the back of it."


This actually demonstrates why we users/owners of the cameras should be able to make our own security decisions.  In fact, local storage can be magnitudes more secure than cloud storage.  I can guarantee that if I was using my Arlo camera for security recording there would be zero chance that a bad guy would be able to find my wireless server -- how about hiding it in a remote corner of the attic under some insulation as an example -- (or I could take a simple precaution like physically locking it up in the house.  Easily accessible to me but next to impossible for a break and enter thief).

 

With my own local storage solution, I could also easily stream it myself to offsite storage that I contorl.  (perhaps on a rotating 24 or 48 hr basis -- or whatever I choose).

 

The fact is that relying on 3'rd-party Cloud Storage opens us up to many more security issues than it solves. (Rogue Arlo employee, mass break in, security vulnerabilities, etc..)

oillogger
Apprentice
Apprentice

OttToyBoy, Yes, the storage should be well hidden or well locked up.  Not too sure if I would put the base up in the attic potentially exposed to heat.  At work we had the recorder for the cameras in a sturdy cage bolted to the floor.  At another facility the recorder was locked up in a secure air conditioned network room.  I would be interested in the method you would use to stream recordings to a remote device.

MikeBravo
Luminary
Luminary

oillogger, we kind of see it as six of one, half dozen of the other.

 

As we have seen in the past with all the online places, Amazon, Facebook, AWS, Google, they all are susceptible to hackers and that threat is constantly increasing.

 

As far as local storage goes, of course you have to be conscientious and back up, back up, back up.

 

By the way, in the scenario you describe, once their inside, and of course, your Arlo system either didn't notify you in time or didn't notify you at all which is very common as we all know, what does it matter what's on the card. They're inside and can do whatever they want at that point!

MikeBravo
Luminary
Luminary

OttToyBoy,

 

Agree completely.

Macahi
Apprentice
Apprentice

Hey, the yellow box at the top of these screens now says Nov. 30th for 2fa.

 

Golly, I'm sooooo surprised.

SCKG
Apprentice
Apprentice

Does it say what year?  LOL!