This is what happens when lawyers help write code.
I am working to learn how to install iSpy so I don’t have to do anything with Wyze.
Looking for other IP cams, too.
Maybe if we all crushed our Wyze cams and sent them to the Wyse legal team they would get the picture.
In either this thread, or the other thread, it was mentioned that once you enable 2FA, then you only have to authenticate once per device, unless you log out.
This seems true so far for the mobile app, but since enabling 2FA on my account 10 days ago (or so), I have had to authenticate with the code a dozen times or so in just the last week on my computers.
For some reason, on both of my computers, I will come back to Wyze.com, and about half of the time, it will ask me to log in again, and then it requires me to enter the verification code sent to my phone.
Is anyone else having this issue, of somehow getting logged out, and having to log in again, and having to enter the 2FA validation code again?
In case you wonder, no, I have not logged out of my Wyze account (ever) on my computers, but it thinks I have. No, I have not cleared my browser cookies, which would log me out. And yes, I am always using the same browser, and not using different browsers each time.
It is beginning to become annoying. I’m OK with doing this once per device I log in to, but having to do this every few days on the same device is getting very tiresome.
Is there a place in my account settings (in either the app on on the web site), where I can see the list of my authenticated devices I have logged in to, to see why it is not remembering my login devices?
It has been my experience that the Account login the website has a very short duration login certificate and requires a new 2FA for every login. I believe the WebView Beta was operating under the same parameters.
However, as per the recent Wyze eMail Newsletter, the WebView Beta got a recent upgrade to change those parameters:
This is currently a Wishlist feature request. Feel free to vote on it and add your support:
Chiming in here in case there’s still hope MFA can remain optional. Security & usability is always a balancing act. Something like Wyze is better left to end users to decide just how far they wanna take things.
What really sucks about compulsory MFA in this case is that I manage Wyze accounts for several people, but they maintain ownership. I don’t want all of those accounts tethered to my number; Nor do I want to have to wait for those folks to send me codes when I need to log in as them. Emailed codes to multiple addresses should also be an option… even if it can’t be the same email as our Wyze login email. Not at all interested in re-working every single gol-dang cam to home on my account either…
Alternatives to forcing MFA would be requiring longer & more complex passwords, periodic forced password changes, etc. for folks who choose to opt-out. I would also have no problem consenting to and acknowledging a “higher risk” waiver, or something along those lines, in the event of compromise… Indemnifying Wyze for anything specific to my account but not for system-wide breaches.
Create a “shared” email account or set up rule based forwarding for 2FA emails to a group.
Easier workaround than getting Whyze to do it…
Unfortunately, Wyze does not support email for 2FA/MFA (yet?), but only support SMS text messages.
But you could set up a google voice number for your account, and have multiple phones connected to that google voice number.
NO COMPULSORY MFA is preferable to these alternative hassles…
KEEP IT OPTIONAL with proviso of stronger password requirements.
Holding out hope that this will materialize. An onerus MFA requirement should at least have several options to mitigate the pain. Push back on the data miners & jackals in legal already, Wyze
They’ve definitely had a knack for clumsy in a number of areas…
Good technology simplifies and doesn’t complicate… Just sayin’
Hello, friend!
We noticed that your Wyze account does not have Two-Factor Authentication (2FA) and we encourage you to enable it.
2FA is a great way to protect your account by making sure that when you log into your account that it’s actually you by using SMS, an Authenticator app, or our new email method. You can learn more about what 2FA is and how to set it up for your existing accounts here.
If you would like to opt-in to email 2FA for your Wyze account, you can use the handy button below. Please note that we will not ask for your Wyze account password during this process. If you would prefer to not set this up, no further action is required.
We will be rolling out email 2FA in the coming weeks. If you decide to opt-in, email 2FA will be automatically applied to your account when we roll out the changes.
Your friends at Wyze
Opt In
Note: This link is only active for one week after the email is sent to protect your account. If you need a new link, you can request one here.
What I find of interest in this message, are the multiple references to “email 2FA”.
The original announcement said that if you did not activate 2FA, that “we will send the 2FA code to the email associated with your Wyze account”, but it never indicated, and at that time the app did not support, selecting email as the 2FA method.
But the multiple references in this latest message seem to make it clear that you will be able to select it now (I hope that’s true).
@peepeep Have you noticed if there is an “email 2FA” option for you in the app now? There wasn’t before, and even in my app (Android) today, it doesn’t show that as an option that I can choose, and I am hesitant to disable and then re-enable it to find out right now.
Hey @B57
Nope, not on Android v2.35.0 (88)
Peeps,
You sure that email was legit? Hover the link to see if the URL looks wonky?
I haven’t received an email like this yet. Just double-checked spam too.
Also checked my app and didn’t see an email option, but that is probably to be expected since an update might be needed to include same.
Hey 2G, yeah, no, I donno. Odd that I’m the only one reporting…
"here"
https://support.wyze.com/hc/en-us/articles/9374288986011
"Opt In"
https://beta-oauth.api.wyze.com/api/v3/users/me/mfa/email/opt-in/verify?token=[a_hash]
"request one here"
https://beta-oauth.api.wyze.com/api/v3/users/me/mfa/email/opt-in/resendEmail?token=[a_hash]
EDIT-1: Meant to ask you the date of that email, @peepeep ?
It’s optional! It’s opt in. Hurray for sanity.
I’m sure hoping that’s how they meant it… and not simply that the email solicitation & method were optional, but MFA itself will still be enforced.
@peepeep , did you actually initiate MFA on their website or something to trigger the email?
Nope, and when I read the line @Customer quoted just above, I tied myself to the mast.
Just wondering how the optional inference squares with the above?
"Is 2FA required, or can I opt-out?
Yes, you can opt out of 2FA, but it will be required to set up a new account. However, we strongly recommend enabling 2FA"
This section from the above link seems to indicate that MFA is only going to be REQUIRED on new accounts.
Hate to say it, but Wyze is handling MFA rollout messaging clumsily. Multiple threads with contradictory circular confusion…
Don’t count on it!
They have had 2FA as an option for a long time – long before this nonsense about making it mandatory got started. They were VERY clear that they intended to force everyone to use 2FA. Then they backed off slightly with a hint that after we were all forced to use 2FA then they might let us opt back out.
Even the email that someone got which started all this cheering, still says that 2FA is optional now, but that they intend to make changes. I didn’t see anywhere that they said it would stay optional.
HOPEFULLY they have gotten the hint that there are a large number of paid and still paying customers who do not want to be FORCED to adopt 2FA, but based on their statements and their past performance I wouldn’t be sure what they plan to do.
EDIT-1: Meant to ask you the date of that email, @peepeep ?
Oct 13 ~6p Pacific