2 Factor Authentication (2FA) Information

Not working today. So not ordering items. Gave up. Three time text codes and they all failed. Saying code not right. Guess one way for me to save and not spend money

Highly disappointed with Wyze today… I’ve been an early adopter and I’ve purchased over 10 products from Wyze over the years. While I continue to love the products, I can’t express how much I HATE your 2FA process.

I had to get a new phone and number last week, and I can no longer access my account due to 2FA. I contacted support 3 times and basically got the message I’m S.O.L. in terms of keeping everything that I have had setup over the years. Pretty freakin’ frustrating!!

I had to create a brand new account, setup every device again, and re-purchase Cam +. At least Wyze gave me a refund for my original account…

But seriously, you need a secondary way to be able to help someone when they cannot access 2FA.

Another company who uses 2FA (an email service provider) was able to go into my account and turn of 2FA after verifying me with a code they sent to my email (a detail which Wyze also has). Then, I was able to login and change my phone number. Please consider adding a feature like this Wyze.

Sincerely, as of today, I cannot recommend Wyze to my friends, knowing the BS I just had to go through over a simple phone number change. Very sad.

2 Likes

This is helpful feedback for Wyze. though it won’t help your current situation, I do know that Wyze is adding a way to be able to send a 2FA code to the email address registered with the account.

Also, when I set up 2FA recently Wyze also gave me a non-expiring one-time code that I could save somewhere in case there is ever a problem losing access to the normal 2FA system. That code would allow me in so I could change and fix things if ever needed.

So there should be 2 fail-safe options with 2FA now…the one-time never expiring code that will work, and soon the option to do it through the email address associated with the account.

4 Likes

This is what happens when lawyers help write code.
I am working to learn how to install iSpy so I don’t have to do anything with Wyze.
Looking for other IP cams, too.
Maybe if we all crushed our Wyze cams and sent them to the Wyse legal team they would get the picture.

2 Likes

In either this thread, or the other thread, it was mentioned that once you enable 2FA, then you only have to authenticate once per device, unless you log out.

This seems true so far for the mobile app, but since enabling 2FA on my account 10 days ago (or so), I have had to authenticate with the code a dozen times or so in just the last week on my computers.

For some reason, on both of my computers, I will come back to Wyze.com, and about half of the time, it will ask me to log in again, and then it requires me to enter the verification code sent to my phone.

Is anyone else having this issue, of somehow getting logged out, and having to log in again, and having to enter the 2FA validation code again?

In case you wonder, no, I have not logged out of my Wyze account (ever) on my computers, but it thinks I have. No, I have not cleared my browser cookies, which would log me out. And yes, I am always using the same browser, and not using different browsers each time.

It is beginning to become annoying. I’m OK with doing this once per device I log in to, but having to do this every few days on the same device is getting very tiresome.

Is there a place in my account settings (in either the app on on the web site), where I can see the list of my authenticated devices I have logged in to, to see why it is not remembering my login devices?

1 Like

It has been my experience that the Account login the website has a very short duration login certificate and requires a new 2FA for every login. I believe the WebView Beta was operating under the same parameters.

However, as per the recent Wyze eMail Newsletter, the WebView Beta got a recent upgrade to change those parameters:

Web View got some much-needed improvements this month, including bringing the load speed all the way down to 2–3 seconds. Other improvements include audio and Firefox fixes, and removing the constant need to sign in when the screen is idle. (You’ll still need to sign in every 24 hours for security.)

This is currently a #wishlist feature request. Feel free to vote on it and add your support:

Chiming in here in case there’s still hope MFA can remain optional. Security & usability is always a balancing act. Something like Wyze is better left to end users to decide just how far they wanna take things.

What really sucks about compulsory MFA in this case is that I manage Wyze accounts for several people, but they maintain ownership. I don’t want all of those accounts tethered to my number; Nor do I want to have to wait for those folks to send me codes when I need to log in as them. Emailed codes to multiple addresses should also be an option… even if it can’t be the same email as our Wyze login email. Not at all interested in re-working every single gol-dang cam to home on my account either… :man_shrugging:t2:

Alternatives to forcing MFA would be requiring longer & more complex passwords, periodic forced password changes, etc. for folks who choose to opt-out. I would also have no problem consenting to and acknowledging a “higher risk” waiver, or something along those lines, in the event of compromise… Indemnifying Wyze for anything specific to my account but not for system-wide breaches.

Create a “shared” email account or set up rule based forwarding for 2FA emails to a group.

Easier workaround than getting Whyze to do it…

1 Like

Unfortunately, Wyze does not support email for 2FA/MFA (yet?), but only support SMS text messages.

But you could set up a google voice number for your account, and have multiple phones connected to that google voice number.

NO COMPULSORY MFA is preferable to these alternative hassles… :confused:

KEEP IT OPTIONAL with proviso of stronger password requirements.

Holding out hope that this will materialize. An onerus MFA requirement should at least have several options to mitigate the pain. Push back on the data miners & jackals in legal already, Wyze :roll_eyes:

They’ve definitely had a knack for clumsy in a number of areas… :roll_eyes:

Good technology simplifies and doesn’t complicate… Just sayin’ :man_shrugging:t2:

1 Like

Hello, friend!

We noticed that your Wyze account does not have Two-Factor Authentication (2FA) and we encourage you to enable it.

2FA is a great way to protect your account by making sure that when you log into your account that it’s actually you by using SMS, an Authenticator app, or our new email method. You can learn more about what 2FA is and how to set it up for your existing accounts here.

If you would like to opt-in to email 2FA for your Wyze account, you can use the handy button below. Please note that we will not ask for your Wyze account password during this process. If you would prefer to not set this up, no further action is required.

We will be rolling out email 2FA in the coming weeks. If you decide to opt-in, email 2FA will be automatically applied to your account when we roll out the changes.

Your friends at Wyze

Opt In

Note: This link is only active for one week after the email is sent to protect your account. If you need a new link, you can request one here.

What I find of interest in this message, are the multiple references to “email 2FA”.

The original announcement said that if you did not activate 2FA, that “we will send the 2FA code to the email associated with your Wyze account”, but it never indicated, and at that time the app did not support, selecting email as the 2FA method.

But the multiple references in this latest message seem to make it clear that you will be able to select it now (I hope that’s true).

@peepeep Have you noticed if there is an “email 2FA” option for you in the app now? There wasn’t before, and even in my app (Android) today, it doesn’t show that as an option that I can choose, and I am hesitant to disable and then re-enable it to find out right now.

Hey @B57

Nope, not on Android v2.35.0 (88)

image

1 Like

Peeps,

You sure that email was legit? Hover the link to see if the URL looks wonky?

I haven’t received an email like this yet. Just double-checked spam too.

Also checked my app and didn’t see an email option, but that is probably to be expected since an update might be needed to include same.

Hey 2G, yeah, no, I donno. Odd that I’m the only one reporting…

"here"
https://support.wyze.com/hc/en-us/articles/9374288986011
"Opt In"
https://beta-oauth.api.wyze.com/api/v3/users/me/mfa/email/opt-in/verify?token=[a_hash]
"request one here"
https://beta-oauth.api.wyze.com/api/v3/users/me/mfa/email/opt-in/resendEmail?token=[a_hash]
1 Like

:thinking:

EDIT-1: Meant to ask you the date of that email, @peepeep ?

1 Like

It’s optional! It’s opt in. Hurray for sanity.

1 Like

I’m sure hoping that’s how they meant it… and not simply that the email solicitation & method were optional, but MFA itself will still be enforced.

@peepeep , did you actually initiate MFA on their website or something to trigger the email?

Nope, and when I read the line @Customer quoted just above, I tied myself to the mast. :slight_smile:

2 Likes