Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
dcfox1
Master
Master

@EOSJOE  wrote  I used to see messages about flash going away at the end of 2020 every time I would access Arlo with my PC. But for some reason I don't see those anymore. Is flash still going away?  Will I still be able to access my camera system with my PC when it does?

 

Arlo got rid of flash a couple months ago probably when you stopped seeing the notice. 

 

 

EOSJOE
Apprentice
Apprentice

Oh!  That's good. I guess I don't have to worry about it then.

 

Thanks!!

 

glcjr
Star
Star

@Maryjh wrote:

Yes, we must do it EVERYTIME! I am not happy about this! How do you turn it off?

 


Sign into my.arlo.com

 

Click profile on the menu

 

Click Two Step Verification on the new screen that loads

 

Disable on the next page

OttToyBoy
Star
Star

Login in --> Settings --> Profile --> Two-step verification --> slide switch at top to disable

 

** Thank Gawd!  I was just about ready to smash these things if I had to use 2-factor authentication one more time!!

Also, the e-mail 2FA has about a 5 minute delay that I confirmed to be on the Arlo side, so that's not even an option.

 

Maybe one day they'll implement it properly and I'll turn it back on but, for now, good riddance.

MichaelUrs
Star
Star

@OttToyBoy  schrieb:

Login in --> Settings --> Profile --> Two-step verification --> slide switch at top to disable

 

Maybe one day they'll implement it properly and I'll turn it back on but, for now, good riddance.



 

According to their plans, it will be MANDATORY by end of this year. That is what this thread is about 😞

 

OttToyBoy
Star
Star
If they make it mandatory with the current implementation it will make these things next to useless. I've only owned the camera for two days and was ready to pack them in after having to 2FA about 50 times.
@Arlo decision makers: you need to revisit this terrible decision. If your security solution is worse than the problem it's trying to solve then it's no solution at all.
stevespalding1
Guide
Guide

@OttToyBoy - if you've only had them a couple of days, I would return them.  I have no confidence in the Arlo decision makers taking any notice of users - they will do this because they *think* they know best. I've had mine for several years and if this goes ahead will probably retire them in favour of something I can control better. This 2FA nonsense has already cost netgear / arlo my business - additional cameras have been purchased from alternative vendors (In this case Blink, which to be honest I would avoid as they're not really fit for purpose).

mamarcac
Apprentice
Apprentice

@OttToyBoy wrote:
If they make it mandatory with the current implementation it will make these things next to useless. I've only owned the camera for two days and was ready to pack them in after having to 2FA about 50 times.
@Arlo decision makers: you need to revisit this terrible decision. If your security solution is worse than the problem it's trying to solve then it's no solution at all.

It's almost as if Arlo creates new problems to distract users from the ones they refuse to fix, like the laggy/unstable app, terrible video compression, constant pop up ads when using a web browser to check cameras, firmware bugs introduced with each new release...you get the point.

OttToyBoy
Star
Star

Alas, the product itself is probably the most capable in the market and we purchased it to monitor my wife's 96 yr old mom in-home during COVID 19 crisis.  We did a ton of research and made a purchasing decision so I'm married to these cameras for now.

 

We need to share the functionality with many caregivers (who come and go from the home and who will need access during their shifts) so this 2FA stupidity might make this impossible.  I think there is some way to "share" the feeds with them but I've not yet tested that or figured it out.  I'm still struggling because the promised Alexa Echo Show integration isn't working (seems to be a lot of users complaining about this but no apparent action from Arlo/Netgear). 

 

In our case, we have 24x7 care in the home but caregivers do need to have eyes on my wife's mom 100% of the time.  Frankly, we couldn't care less if the The Illuminati or even Ninja's from Japan have access to view our cameras (have at it, Ninjas!) -- in our case the house is occupied 24x7 and camera security doesn't even enter into the equation.  Of course, I'm being flippant -- we expect industry standard encryption and reasonable security -- but security should be available on a sliding scale as required by each client.

 

FWIW, I own a Meural canvas that and Netgear recently acquired Meural company.  Everything went to hell in a handbasket with that product too.  It went from a stellar product with excellent support to a stellar product hobbled by crappy support and poor corporate decision making that immediately affected end functionality.

 

I don't want to slam Netgear too hard (okay, maybe I do...) but there seems to be some questionable product decisions being made and some poor engineering going on behind the scenes that's making things like a poorly thought out 2FA scheme roll out to end customers.

 

dcfox1
Master
Master

@OttToyBoy 

Have you checked settings to turn it off. I still can. 

OttToyBoy
Star
Star

@OttToyBoy 

Have you checked settings to turn it off. I still can. 


Yes, see my message above; however, someone then pointed out that it is Netgear's plan-of-record to make 2FA mandatory by end of the year.  I guess that's yet to be seen but, if they follow through, it's going to super suck.

 

Retired_Member
Not applicable

I agree with the OP

Making this mandatory is a bad idea 

its my flipping system and it should be my choice

 

ARLO - you're really pissing us off!

Bette99
Star
Star

Well, if we didn't know it before, we do now: Arlo/Netgear does not pay any attention to its customers' opinions. I just received a "reminder" to enable two-step verification from Arlo. And to top the arrogance off, the email states that "Once enabled, Arlo will authenticate your identity with a security code delivered by text message or email to a trusted device". Which is a lie - there is no email option. If there were, I wouldn't be quite as mad as I am. As I have stated before, I do not want to buy and carry a spying device (aka a mobile phone) around. An email option would be annoying, but not completely impossible to live with.

MichaelUrs
Star
Star

@Bette99  schrieb:

Well, if we didn't know it before, we do now: Arlo/Netgear does not pay any attention to its customers' opinions. I just received a "reminder" to enable two-step verification from Arlo. And to top the arrogance off, the email states that "Once enabled, Arlo will authenticate your identity with a security code delivered by text message or email to a trusted device". Which is a lie - there is no email option. If there were, I wouldn't be quite as mad as I am. As I have stated before, I do not want to buy and carry a spying device (aka a mobile phone) around. An email option would be annoying, but not completely impossible to live with.


That is not 100% correct. There IS an e-mail option. You can choose between push message to a trusted devices (smartphone), SMS to a mobile phone or an e-mail. However sometimes it takes a long time until the mail with the 2FA code arrives. So this is not a real alternative.

OttToyBoy
Star
Star

@MichaelUrs wrote:

[...] However sometimes it takes a long time until the mail with the 2FA code arrives. So this is not a real alternative.

Agree.  This matches my experience as well.  It was faster for me to create a Google Voice phone number so I could receive text messages (I don't own a cell phone) than to receive the 2FA email.  The email arrived a few minutes after...  the delay was isolated to the Arlo email; all my other emails were being received immediately so definitely a problem at the Arlo side.

 

I don't know if anyone from Arlo reads this forum but, if so, please re-consider this 2FA requirement.

 

Another quick anecdote:  I rent condos and advertise on Vacation Rental By Owners (VRBO)/HomeAway.  They forced a faulty 2FA system out on all their owners and it caused so many problems; from guests who couldn't check in (because owners couldn't log on to provide them check-in info), to their entire customer support system crashing (due to the volume of owners phoning for help logging in).  It was an absolute travesty.  I'm sure that they lost millions of dollars in reservations, inconvenienced countless owners & guests, and it caused permanent damage to their brand.  It took them over 2 years to get the 2FA system to work properly (but it's still a pain in the ass and I can't log in reliably when I'm traveling in 2nd or 3rd-world countries due to over-zealous security).  Arlo, if you insist on this, please don't botch it like VRBO/HomeAway did.

BuzzyB
Initiate
Initiate

At least give us (your customers) the option of using 2 step verification or not....if it is mandatory...you have lost another user and I will make sure we don't use your equipment for the new security system we are installing at work. 

bluevase
Guide
Guide

This makes no sense to me at all!!!  On my phone, I use fingerprint authorization.  Why am I subjected to this nonsense!  It's similar to the old software error that would log me out of Arlo on my password protected phone with no reason requiring looking up my login information.

 

I appreciate security, big time, yet this is completely overboard when you realize the already secured phone login capability plus the fingerprint validation.

 

Please correct this new software to remove this unnecessary burden.

Bette99
Star
Star

Where is that option?? When I log in I get ONLY an SMS option, nothing else.

EOSJOE
Apprentice
Apprentice

I'm taking a wait 'n see approach to see what they do. If they do end up throwing customer wishes to the wind and implementing mandatory two-step authentication, I'll simply de-install my Arlo camera system and go with something else. Every month it seems there are more choices out there. 

Linusl
Luminary
Luminary
You could share access to your account to your work email if your employer allows that.
dcfox1
Master
Master

Ring already has 2fa mandatory and Nest started rolling it out in May so It's the way Cameras are going not just Arlo. 

bluevase
Guide
Guide


After reading the replies, i realized that is a SERIOUS SAFETY HAZARD.  if someone is stalking and planning to break into my house, I NEED IMMEDIATE ACCESS TO MY CAMERAS, not waiting for a text or email.

 

I repeat, SERIOUS SAFETY HAZARD!!!

Retired_Member
Not applicable

I'm not playing this game - Im selling my arlo and buying a REAL camera system like the sony PTZ's and administering it internally - enough of this arshole big corporations 

OttToyBoy
Star
Star

@dcfox1 wrote:

Ring already has 2fa mandatory and Nest started rolling it out in May so It's the way Cameras are going not just Arlo. 


A bad idea is a bad idea.  Just because it's been normalized doesn't make it acceptable.

 

Also, if Ring & Nest have done this already, what a great opportunity for Arlo to differentiate their business by offering options to customers wrt. levels of security -- why not seek to improve?!   🐵  [Or at least make an implementation that doesn't suck and force users to 2FA every single damn time we log on...]

dcfox1
Master
Master

I still had rings cams when they switched and and I hated 2fa. I mainly left them because of 30 second max recording on battery cams. But not sure which was worse.