2FA Not Working for Me on Android

Hi -
My sister installed the Wyze Camera app on her Android phone and we cannot get the 2FA to work for us. She receive the email containing the 6 digit code, put that code into the 2FA box on the app and we were not able to login. We did NOT copy/paste from the email, but typed in the code manually.

She is certain that her password is being entered correctly. I was sitting with her while she was doing this and it all seemed like it should have worked.

What is the next step to resolve this?

Thanks,
Chuck

Are you using VPN anywhere in your path to the Internet? This could present a problem for you.
I would try disconnecting the phone from local WiFi, so the 2FA reply uses only the Cellular network.

Also, what browser it is opening up in? I know some of the less popular browsers have had trouble processing the authentication sometimes. I’d recommend Chrome for log in attempts.

1 Like

2fa can be sometimes quite difficult.

Some further potential issues that are easy to have happen (I’m not listing everything possible)…

Used the 2fa code within the time limit?

Send the code multiple times and use older ones that became invalid as a result?

Not sure I understand this…how does a browser get into the picture for 2fa on the app?

1 Like

The app uses whichever browser is set as the default:

There are actually lots of threads with people not being able to login to the app when their default browser is something else. :man_shrugging:

Very confused then…how does the app interact with a browser? Isn’t authentication from within the app? Where does the browser get involved?

1 Like

I’m not an expert, but I can explain some of the general reasons I’m aware of with how it’s working and why

Many apps, including the Wyze app, use OAuth 2.0 for authentication, which often involves redirecting the user to a web browser to log in. This is because OAuth 2.0 requires a secure way to handle user credentials, and using the system browser ensures that the credentials are not exposed to the app itself.

But wait! We’re staying within the Wyze app now (we actually sometimes used to be redirected log in to the separate browser app outside the Wyze app)! So isn’t everything exposed to Wyze app against the oauth requirements? Well, yes and no… While it is absolutely more secure to use the separate system browser app for oauth login, it’s actually common and allowed for apps to use what is called “WebView” (an embedded browser within the app), or what is called “chrome custom tabs” (recommended for the benefits of shared state, security, and customization to make everything match the app’s look and feel). This is what Wyze is doing now.

There are many reasons to use the embedded webview version of the browser or the chrome custom tabs instead of the system browser. One of the main reasons is that it is less confusing to users and matches their expectations better. It provides a “Seamless Flow.” Using an in-app browser keeps the user within the app, providing a more seamless and integrated experience.

Chrome custom tabs are basically still the Chrome Browser but are Ideal for displaying external web content, such as authentication pages or external links, without leaving the app. That is what [I believe/understand] is happening here and why sometimes there are conflicts with other browsers, particularly back when they had some authentication happening through the system browser instead of the webview or chrome custom tabs they are apparently using now.

:+1:

(Not that exposing Wyze credentials to the wyze app is a risk… But it’s just a general requirement or practice for oauth as I understand it, so it is supposed to be this way. Though I could be wrong and misunderstand. Just explaining how I understand it)

1 Like