Arlo|Smart Home Security|Wireless HD Security Cameras

Mandatory Two-Step Authentication (Verification) a Bad Idea

Reply
ChrisKay
Follower
Follower

Making this mandatory is an exceedingly bad idea since it will slow down authentication and when it breaks—and it occasionally will—it will prevent access completely.  At least give the end-user the option of deciding how much protection to require for the account.

609 REPLIES 609
OttToyBoy
Star
Star

@Bette99 wrote:

Right - and personal Google voice accounts only work in the US.


I live in Canada and have a Google Voice number (like I said, I'm pretty creative). I'm not sure if 2nd-line or textnow are available on whatever device you own but those are other options that might work. The long and the short of it is that, if Arlo, makes this mandatory, it's going to inconvenience a lot of us users.

Bette99
Star
Star

I have now receive yet another "reminder" to set up 2-step verification, and again this email claims that I can use email to receive the security code. HOWEVER, this does not seem to be possible.

1. When I log into my.arlo.com and select Settings -> Profile -> Two-Step Verification, I get ONE option, and that is "Enable". When I enable the option, Arlo displays a phone number which is not my number, and which I have not provided to Arlo. The only additional option on that page is "Add SMS Verification", When I choose that link, I get the helpful choice to "Enter a number that can receive SMS messages". Since I do not have such a number it is not hugely helpful.

2. When I search for a way to delete the phone number that Arlo seems to have pulled out of their a****, I find this link:

https://kb.arlo.com/000062289/How-do-I-edit-two-step-verification-settings

With this instruction:
To remove a trusted device or phone number for two-step verification:

Launch the Arlo app or log in to my.arlo.com.
Tap or click Settings > Profile > Login Settings > Two-Step Verification.
Tap or click the trashcan icon next to a phone number or trusted device.

 

Those steps are incorrect (no "Login Settings"), and there is no trashcan icon next to the phone number.

 

SO:

How do I enable verification using email?

And how do I delete the phone number you have acquired god knows how????

 

 

Retired_Member
Not applicable

Yes totally agree to this two step is a very bad idea. Being a Senior person, having to go through this two step verification is a frustration. Also, people do change their Telco providers and phone numbers as well. Will these changes then affects the receiving of SMS text sent for this 2 step verification.

nealhayden
Star
Star

I agree!!!   Living in Mexico – internet and telephones are not always reliable.  It will increase the burden in logging into my account. 

 

Also, quite frankly – viewing my cameras is not at the same level as logging into my bank account.  Forcing users to use a 2 step process is overkill, unnecessary and limits users from taking self responsibility for their own security.

 

BigPoppa
Star
Star

I cam here to say this exact thing.  

 

When I am laying in bed at night, and I hear a noise outside, I grab my phone and check my camera.  To be honest, Arlo is not as fast as I would like already, sometimes it takes awhile to "connect" with the camera.....    BUT, I surely don't want to have to wait for a text message, and then with blurry eyes try to figure that out!  I mean every time???  That's insane.  It will break one of the main uses of this device, and that is checking a camera when you hear a noise.  If you have to wait 3 minutes to gain access, it may be too late.

 

Make this optional please!!! 

 

EOSJOE
Apprentice
Apprentice

Even worse... what if you don't have your phone handy?   What if you get a motion trigger and you have your iPad or your wife is downstairs with her iPad?   Or you are accessing the Arlo website from your PC?

 

I just got an email reminder from Arlo today reminding me that 2-step verification will be mandatory by the end of the year. Why doesn't Arlo get it?  Don't they realize most of us will be forced to dump our Arlo systems and go buy something else?

 

BeachBBum
Initiate
Initiate

I was just about to upgrade to the Ultra, having upgraded my internet to be able to handle the severe increase in upload speed that the ultra will require. Nah... don’t think so. It’s getting too close to the end of the year. Instead, it is time to take the plunge and run some wire. I mean, just how inconveniencing do wireless have to get, to make running a little wire a way better choice? Constantly charging batteries, tweaking routers and worriers about internet speeds that aren’t even an issue for UHD TV signals but cause issues for wire-free security cameras, the Ultra’s require upload speeds that even cable barely provides, a never-ending monthly fee just to get basic video storage, etc.. And now 2 step verification to check what just happened on one of my cameras... 50 times a day... NO, a resounding no! The whole wireless drop-cam idea seemed soooo convenient back when it all started, but now it has turned into just one more hassle I don’t need. The whole purpose of wireless cameras, after all, was the hassle-free convenience of the whole thing, only to end up turning into a much more inconvenient option than wires would’ve been in the first place. 

BigPoppa
Star
Star

Yes, I too will move to a wired system if Arlo goes through with this mandatory 2fa.   It makes zero sense.   Even banks let you authorized a device for 30 days at a time. 

Redrum_Redrum
Initiate
Initiate

I hope they reconsider. Two-step verification will be a pain. This is NOT a bank account it's just a camera. I want fast access to see what's happening. Not "OK, where's my phone, what's the number." Screw that

smartypants123
Guide
Guide
I just talked a friend out of buying a new ultra system. I don't think Arlo understands the damage they are doing to their brand and their bottom line. #dumb
Jimbo435
Guide
Guide

I bit the bullet, and signed up for  2-factor.

So far, only had to put in  a  code once.

Looks like it is just when you use a new device.

nealhayden
Star
Star

I hope this is the case going forward.  I can live with 2 step ONE TIME ONLY.  Otherwise, I will be recommending to the board of my non-profit - remove Arlo and purchase a competitor.

dcfox1
Master
Master
MichaelUrs
Star
Star

Unfortunatey this is not the case if you are using the web interface. In this case you need to verify the second factor EVERY time. The 2FA could be a trusted device, a SMS or an email.

 

So what we are all want is that Arlo gives us the possibility to

 

- set a trusted browser as well so that on that browser we do not need to verify the second factor every time

- use a commonly used 2FA like TOTP besides the currently used ones

 

If this will be implemented then, I guess, everything would be ok and no one will complain anymore.

 

It is really bad, that Arlo is not responding at all to all these requests here in teh forum. It could be that they are reading it and are already working on a solution. However in that case it would really be a good idea to just tell us that.

Retired_Member
Not applicable

Greetings Michael.

Thank you for your good advice.  It is good that Arlo support will look into the Customers' concern.

MichaelUrs
Star
Star

As I said: Unfortunately I do NOT think that Arlo is looking here in the forum and working on improving their products according to their customer whishes 😞

andrewbnz
Tutor
Tutor

As previously mentioned I disagree with the approach Arlo is taking with 2 factor authentication. This should be opt-in or at the very minimum allow trusted devices.

The 2FA changes as they are will make the product/service behave significantly differently than it did when purchased and as a result it will no longer be fit for the purpose for which I purchased this.

 

Fortunately in New Zealand we have relatively strong consumer protection laws (I know Australia also has similar laws). Which provide a level of protection to consumers when purchasing products, this includes guarantees that products and services must be fit for the purpose for which they were purchased.

 

When i purchased my Arlo system I research and tried a system in-store to confirm it would suit my needs.

I was able to setup and login to my cameras using a dedicated Tablet which is only used for the security cameras. Login and viewing cameras and events was fast and simple. With the new 2FA changes, it appears that in order to view my cameras on the table I will also need to get my phone to receive a 2FA code to login to Arlo on the tablet thus taking significantly longer to login and resulting in missing certain events etc...

 

This is a significant change to the product/service from when I purchased it and had I known this would occur I would not have purchased the Arlo product. As such it is no longer fit for purpose.

 

With this in mind I will be returning the Arlo system to the retailer and giving them the opportunity to remedy the situation. When they are not able to do this, then they will be required to refund the product in full as per the terms of the NZ consumer law.

 

 

MichaelUrs
Star
Star

Andrew, you ARE able to set a trusted device. E.g. I do not have to enter a 2FA on my smartphone. However if I login via web I need my smartphone within my reach in order to either confirm the access via web in the Arlo app on my smartphone or receive a SMS which I would then need to manually enter into the web login form.

 

So if you only have one dedicated device it should work for you as before.

 

Only if you are using other device including the web browser access then the handling would be more complicated and time consuming.

andrewbnz
Tutor
Tutor

I will also be using other phones and Web access at times. So this may still be an issue.

Retired_Member
Not applicable

dumped my Arlo systems (had two separate systems) - no way I'm playing their game.

 

Found much better option, I use Homekit, so I went with Eve Cam - no subscription, no Arlo hub, - completely secure, all video's are encrypted on both ends and kept in my secure iCloud, not forced to store the video's on Arlo servers)

 

 

EOSJOE
Apprentice
Apprentice

So I just received this email again this morning. WHY is Arlo ignoring the wishes of its customer base?  I'm really not looking forward to dumping my investment and buying another product.

 

"By September 30, 2020, Arlo will require all users to enable two-step verification: an added layer of account security to verify that it’s really you, even if someone knows your password. Once authenticated, Arlo will verify your identity any time you sign in with a new device, to prevent unauthorized users from accessing your information.
We strongly encourage you to enable this feature now to continue to access to your recordings, devices, and accounts."

YaquinaHead
Initiate
Initiate

ARLO cameras are slow enough to respond under normal circumstances whether on mobile device, Alexa or PC.  Adding two-step verification has to be a user choice/option.  When I need to see something that is going on, I need it now.  Most of the time the activity is gone by the time the camera is active.  With two-step, it becomes useless.

 

Two-step verification will essentially render our cameras useless.  From what I can see from forum posts and the email I received today, ARLO is ignoring months of objections to this.  I have been a loyal ARLO supporter and recently upgraded to a newer system.  Making this mandatory is an exceedingly poor decision. 

 

RandyQUATTRO
Star
Star
This Arlo reminder email also caught my attention. Was an original Arlo purchaser and supplemented my system with Arlo Pro, now looking to further upgrade. PAUSE! Adding an authorized user for access never worked on my wife’s devices (old bug - completely defeated the purpose of having) so we use the same login between phones. This is 99% effective as I usually look at emails since she will use alerts to login and check cameras. 1% issue is when I simultaneously login while she is logged in - one of us gets kicked out. Potential problem would be if system is not recognizing trusted device (because Arlo software is buggy) and forces the 2FA when this happens. I don’t want 2FA on my system. We need the choice, especially if we are paying subscribers.
stevespalding1
Guide
Guide

To put it simply they just don't care. It is this kind of attitude which has turned me off Arlo and for that matter, Netgear -  their attitude is that they know best and their customers will do what they're told. American companies are often like this - their contempt for their customers opinions and requirements is often extraordinary (Apple are the absolute worst for it). I purchased my setup based on the capabilities and requirements  of the devices at the time (about 2 years ago now). Had I been informed that Arlo would mandate what security measures I  must take with my own equipment, I would have purchased something else. sAs far as I'm concerned, they are removing functionality and not improving anything by making a certain workflow mandatory.  I am aware of the implications of not having 2fa enabled and am happy with it - I am not happy however with being told how I must use equipment that I own.  Eventually some bright developer will work out how to use the devices and base station without any involvement from Arlo and until such a time, I for one will be investing elsewhere in equipment that I have full control over from companies that have at least some degree of respect for their customers.

SCKG
Apprentice
Apprentice

I purchased the Arlo Camera system several years ago.  Just received the Mandatory Two-Step Authentication email from Arlo.   I do not have a cellphone with text messaging.  The Arlo representative was not overly familiar with the requirement but insists I need a cellphone to enable the feature.  I use email two-step verification for other applications including my credit unions and personal Wordpress website.  I did not need a cellphone number with text messaging to set up the Two Step Verification process; only an email was necessary...

 

When September arrives do I no longer have access to my Arlo system online?

 

If Two-Step Verification is mandatory, then Arlo must find an alternative for those customers who purchased their products prior to the cellphone with text messaging requirement.  Otherwise they should refund all products purchased prior to this policy change for those customers who do not have cellphone/text messaging access.