Arlo|Smart Home Security|Wireless HD Security Cameras
× Urgent: Activate Two-Step Verification
Arlo requires all users to activate two-step verification to continue to access your recordings, devices, and account.
Please enable this feature now. Learn More.

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
newbeat
Initiate
Initiate

Hi arlo devs, 

i know two factor auth is awesome and secure and all, but the use case for arlo baby would be a disaster for me. 

Half the time i'm viewing baby using your product, i'm in the room, in the dark, trying to zoom in our babies eyes to see if they are asleep. I can't open an app with white bright background or receive a text message to process two-factor authentication. At the moment it's 1 click and open. Please reconsider two-factor auth for arlo baby, i can't be the only one here that doesn't want to be wasting time and waking baby with this onerous step. 

Newbeat. 

Model: ABC1000 | Arlo Baby
Mattgi
Initiate
Initiate

Hi devs

 

2FA if implemented properly is ok. But the current system of requiring it every time you login is bad. Please give 5 (for example) allowed devices and one time 2FA for a device. 
as an example when I login to the web interface on my iPad it keeps asking me to authorise even though it’s registered as an allowed device. Very annoying. 

Stephanoochi
Guide
Guide
Stupid for Arlo to do this! Arlo has got enough technical problems already! This new extra security thing being mandatory is ridiculous and actually defeats the purpose of having these work quickly! Complete idiocy on their part
Model: VMB4000 | Arlo Pro/Pro2 Base Station
Stephanoochi
Guide
Guide
It says mandatory by the end of the year so either they're lying or they're just idiots and don't know how to do their business! If they turn this on and it's mandatory it will destroy the whole purpose of having it quickly assessable. Which defeats the purpose of having it to begin with! STUPID idea to make this mandatory! It should be a choice for everyone individually!
Model: VMB4500 | Arlo Pro/Pro2 Base Station
Stephanoochi
Guide
Guide
It is a bad idea to not give us the choice! If we do not want the two step verification system then we should be able to choose not to have it! If you make it mandatory it's pointless to even have these cameras! You're idiots if you don't understand that! Obviously you don't care about your customers! IF YOU CARED about your customers you'd give them a choice!
Model: VMB4500 | Arlo Pro/Pro2 Base Station
thepom
Initiate
Initiate
This is, unfortunately like most of the arlo software, very poorly thought out. Come on - do it right with multiple trusted devices that don't require this. Security is good, until it is so poorly done that it becomes an impediment for a legitimate user.
Anyone suggest an alternative camera solution ? I'm leaving - fed up with arlo software. I don't want pretty - I want reliable and functional.
dcfox1
Master
Master

@thepom There are others but many already have 2FA or are going to it. Arlo just has to get it right with trusted devices. 

Blinky1950
Initiate
Initiate

I am really angry that you are forcing me to use your two factor verification. This enhancement is not only stupid it is making your product worthless. I need access to my Arlo site to check any alerts while I am away from home. Especially when I am overseas. I dont use my Australian SIM card when I am overseas because the roaming fees are way too expensive so I use a local SIM card for that country. Now with your stupid two factor verification I will not be able to log onto my account when I am overseas. you are forcing me to pay expensive roaming fees just so you can make your developers to look smart. You must introduce another way of receiving the two factor verification apart from one sent to a mobile phone. Otherwise I will deem your product to be "not fit for purpose" and i will be making a formal complaint to the ombudsman and the office of consumer affairs. When are companies like yours going to wake up and listen to your customers. At least give me the option to TURN OFF the two factor verification while I am overseas.

Model: VMB4500 | Arlo Pro/Pro2 Base Station
jguerdat
Guru Guru
Guru

Tell this to the others who have had their accounts hacked and had outsiders watching their children.

 

In a perfect world we wouldn't need passwords but the world is rife with idiots.

zbuc
Initiate
Initiate

Mandatory 2FA isn't a terrible idea but it would be great if you could support TOTP (Google Authenticator) codes or have trusted devices so we can continue to do automation without too much hassle. Or introduce service accounts for automation.

MichaelUrs
Star
Star

@zbuc  schrieb:

Mandatory 2FA isn't a terrible idea but it would be great if you could support TOTP (Google Authenticator) codes or have trusted devices so we can continue to do automation without too much hassle. Or introduce service accounts for automation.


That is exactly what we need! If this is the case 2FA is totally ok. However, at the moment, there is no evidence that this willl be implemented by end of the year. So, Arlo: PLEASE think about that and give us feedback. Thanks!

yoelrc88
Initiate
Initiate
Also agree that 2FA enforced is a bad idea for many use cases .
Yoel
Model: AVD1001 | Arlo Video Doorbell
BeachBBum
Initiate
Initiate

There we go, an alternative product recommendation; that’s what I’m looking for. This vendor has made up their mind that 2FA is something they are going to force customers to use. It’s Time to accept there is nothing I can do to change their mind, and accept that there is a wired system is in my future... before they force the 2FA on me, and I have to install a wired system in panic-mode.

 

I get the complaints, but complaining is probably not going to make them stop going down this road. A more productive use of my time will be to seek recommendations for a new vendor that is not forcing 2FA onto their customers. I’ve dealt with companies like this before; I guarantee that they are not going to change. They are in charge, they know it, and whatever they decide is going to be the final word on the matter regardless of the complaints that they receive. Time to move on to a more respectful supplier that listens to customers.

 

Looking at other wireless suppliers, it appears they are all sticking together on the 2FA issue, and will be requiring 2FA in the future, if they haven’t already, so the only way to avoid this self-defeating step they are forcing on us is evidently going to be running wires. Let’s face it, a wired system has advantages over wireless, with many features a wireless system will never be able to implement anyway. 

 

I see everyone chiming in with all the issues with 2FA, not the least of which is simply checking on what’s happening or what just happened, ten’s of times a day and night, usually on one of several iPads located around the house for convenience. 2FA would require me to also locate my cellphone in order to see what’s going on via another device (my iPad). In another part of the house. Talk about creating an unsafe, useless situation for a homeowner that is using strategically located Arlo cameras to protect their family. In the case of an intruder, I can’t be running around the house getting to a particular cellphone to gain access to a code so that I can check out what is going on, on a camera that has informed me of the very thing that I invested in the cameras in the first place. 2FA defeats the whole purpose of investing in security cameras to protect my family... wireless WAS a great idea; now it’s not... 2FA ruins the the whole deal.

Model: VMB4540 | Arlo Pro 3 SmartHub
klowetx
Tutor
Tutor

As suggested in the recent email, I set up two-step verification on my Android phone. But every time I log in from my desktop and laptop, I have to go through the authorization. There is no way to make them trusted devices. I cannot understand why this is so difficult. I will be turning off the two-step until this is resolved.

 

Example:  I don't carry my phone around the house with me.  So, I have an iPad in the Kitchen and want to check the front door when my phone is upstairs in my home office.  What a pain.  Or when I ask Alexa to check the garage camera and my phone is somewhere else in the house. 

 

My banking app allows me to authorize trusted devices.  Once a device is deemed trusted, I don't have to do the two-step anymore.  I only have to use the two-step with unauthorized devices.  My spam/security software has users set up a 6-digit code.  When I login, they will ask for certain digits of that code.  An example is after inputting your username and password, their system will ask for two digits at random of the code, say the first and third digit one time and the next time it could be the 5 and 6 digit.

 

Come on Arlo, put a little more thought in this important matter.

 

 

Instead of implementing a poorly executed security method, it's time to get rid of Flash in the browser!

Model: VMB4000 | Arlo Pro/Pro2 Base Station
Jimbo435
Guide
Guide

I come to the forums to see if anyone else has an issue with this added step EVERY TIME.  I am surprised there are not more people complaining.  If someone is breaking into my car or my house, time is of the essence.  Even an extra 30 seconds to get a text and enter a code can be the difference between using the two way voice feature to scare away a package thief, and just watching the package walk away.  

 

PLEASE Arlo, one time authentication is fine, or even when using a different device, but every time will mean that my Arlo installations at my home, work, vacation home, and my son's home would all need to be replaced.

Linusl
Luminary
Luminary

I´m pretty sure the complaints will start coming when it´s forced upon their users and subscribers. That is why you dont see so much complaints yet.

I use geo  zone for the family for arming for the cameras. Everytime the family members batteries run out before they / we leave the geo zone I tell them to login so they arm. Im pretty sure this will become a big problem with 2 step. I will most likely have to abandon using it and just manually arm if the last person leaves the property.

But have already invested in Eufy (5 of them), Reolink (2 of them wired) and Nest cameras (3 of them) beside my 6 Arlos. So might sell Arlo to someone if this is implemented in a bad way. I really like Arlo as a product but the subscription fees and the constant updates that causes errors and now this bad 2 step might be what makes me invest more in one of the other brands I already have.

Linusl
Luminary
Luminary
Have all of you writing in this post actually tried their 2 step?

This is what Arlo write

Arlo will authenticate your identity with a security code delivered by text message or email to a trusted device. Once authenticated, Arlo will verify your identity anytime you sign in with a new device, to prevent unauthorised users from accessing your information.

This means they just require this everytime you login with a new device or get logged out with the current. Or atleast that is how they sell the solution. I havent tried it so I do not know.
Bette99
Star
Star

I tried it, and the first lie in their message is that they will allow email as authentication method. I ONLY get SMS option. Since I don't have a mobile phone, I won't be able to use this once it gets mandatory.

Linusl
Luminary
Luminary
I have seen instructions from arlo somewere in this community on were you change it to email instead. So this should work. Its under settings or something after you have activated it.
Bette99
Star
Star

And how would I activate it if I don't have a mobile phone number????

Linusl
Luminary
Luminary
As I recall the answer from arlo was to skip that step somehow and it would default to email. The step by step instructions is somewere in this community or you could create a ticket to arlo to get the steps.
OttToyBoy
Star
Star

@Linusl wrote:
As I recall the answer from arlo was to skip that step somehow and it would default to email. The step by step instructions is somewere in this community or you could create a ticket to arlo to get the steps.

email authentication didn't help. Still forces you to run all over the house to log on to email and get the authentication number and then enter it into the app.  You can't even cut-and-paste it, IIRC, due to the design of the entry form.  Also, it forced email authentication every-single-damn-time I used the app (even if I had just authenticated the app two minutes before). 

 

We need to be able to share a device with the Arlo screen already shared with our caregivers.  The first time we're not there and the thing needs to be re-authenticated, the whole system becomes useless.

Bette99
Star
Star

Funny that you are absolutely certain this is possible, and that there is an answer here somewhere - but you apparently haven't even tried to set it up yourself, and you can't point to the answer.

I did search the forum, and I found this thread: https://community.arlo.com/t5/Arlo/When-will-email-option-become-available-and-if-it-is-already/m-p/...

The Arlo moderator very helpfully explains that if you don't want to use SMS notification you can go to "your mobile phone" and set up push notification. It first of all does not explain how to set up email notification, and if you notice, it assumes you have a mobile phone... Which I DO NOT HAVE.

OttToyBoy
Star
Star

@Bette99 wrote:

Funny that you are absolutely certain this is possible, and that there is an answer here somewhere - but you apparently haven't even tried to set it up yourself, and you can't point to the answer.


I'm not exactly sure if this was targeted at my previous reply... but I also don't own a cell phone and I was able to set up email notifications.  I'm sorry but I don't remember the steps I had to take -- it was buried deep down in some menu somewhere if I recall correctly.  I'm also quite creative -- if I needed a text number I probably set up a temporary Google Voice account and had it text me there.  I'm sorry, I don't remember the hoops I had to jump through but if I can re-create them some time, I'll come back and post how I did it.

Bette99
Star
Star

Right - and personal Google voice accounts only work in the US. Not terribly helpful for a lot of people, and not an option for me (I have obviously looked at that previously, since Arlo is by no means the only company/org that just blithely assumes everybody wants to walk around with a spying device all the time).