Hey everyone. I’ve had not insignificant trouble trying to get these work in the past, which has been on-and-off resolved with blood, sweat, tears and additional networking. My issue now seems to be much less the performance of the cameras, which can be described as “borderline acceptable” only cutting out sometimes, but is now the web app.
The issue really seems to stem from the fact that I don’t use my phone a lot, nor do I really want to change that. I want to have these up, on a screen, to glance at occasionally or when I see something going on. Historically, I’ve been able to pull that off just with the app. I’ll have it in a browser window or use a PWA, or I think I had limited success with “WebCatalog”. The problem is, recently, even with a static IP I’m forced to re-verify my system via e-mail, then trust the computer every time I log in. Even selecting “Trust this computer” does nothing.
Any success in disabling or bypassing what is ostensibly 2FA? I’ve read about people loading customer firmware to avoid the webpage altogether, but I’m not sure that it’s available for my specific cameras (Pan V3) nor am I really sure I want to go that route considering. Just looking for some opinions.
The session timeout is pretty sensitive. Use a non-private browser window and an extension to reload the page every 5 mins. Cams on webview time out regularly w/ no warning and the 5 minute refresh seems to solve my issue, along with keeping me from being logged out through the day.
The issue is that even with that pretty much as my setup, I still have the same problem. Random log outs and reverification very frequently. For full disclosure, obviously I use ad block, also I’m on a linux-based OS using Firefox which may not be ideal. But I spent the money on the cameras, they’re my cameras, I want to at least be able to look at them in a way that I prefer. I have a static IP, why can’t I just tell them “trust IPs coming from this range indefinitely” somewhere?
Given Wyze’s somewhat spotty security history, which they seem to have learned from… I’d much rather them err on making me log in.
I don’t think you’d be having a different experience w/o adblock or a non-mainstream OS, but you could try. I’m on macOS and have the issues you describe & it has never worked differently or kept me logged in an entire day.
I’d much rather avoid having to tailor my browser for this, where possible. i do appreciate the feedback but im not at all keen on it. I’m not sure if discussion of the alt firmware here is banned so maybe I shouldn’t have mentioned that, but if anyone has any ideas that’d be stellar. I guess I could try to figure out loading it into an electron setup myself, but if it’s really sensitive it probably won’t help. there should be a method to disable 2fa, or an unattended service (considering how faulty apparently the sd card interactions i’ve read about with these are.)
the logical conclusion if i never actually figure out a workaround is to like, have them networked into a completely independent setup attached to, what, a secondary laptop or container. just unbelievably silly steps if there are any known workarounds that im missing.
Well, if you’re familiar with the per-site Firefox container settings, you could try just allowing the Wyze Web View access to other domain cookies. I understand you don’t want to tailor your browser, but as a developer it’s something I do regularly for sites to work in FF and it isn’t a browser-wide setting. Since another user does not have issues in Chrome, but you have 2FA repeat login in FF and I have the same in Safari, the logical conclusion is these browsers are sandboxing the Wyze Web View domain from its own cookies on other domains Wyze uses.
As to the firmware, I don’t know if it is banned to discuss, but having tried it recently I’ll say the HA ecosystem with Wyze specifically is very very broken and not worth your time right now.
yeah, i guess i’m going to try to get something running ad hoc that just lets wyze run wild and hope that it stops me from having to go through 2fa every day. I just wish that somewhere along the way the internal addressing was exposed enough to let me hook it into something other than the web view app, since it’s really not very functional.
Have you tried it? I have not, and I didn’t see a mention of your trying that in your posts so far. Although not recommended, it’s supposed to be possible in the mobile app at Account ➜ Account ➜ Two-Factor Authentication ➜ Disable 2FA (Not Recommended). The Help Center indicates that opting out requires a user to create a new account, but that doesn’t really make sense to me if it’s required and enabled by default, because that seems to imply that it’s going to be enabled on any new account, so I don’t know what the real answer is.
Since Wyze has—so far, at least—chosen not to support Firefox for Web View, the suggesting of trying a different browser isn’t terrible advice, even if it’s frustrating and not what a user wants to see. (I write that as someone who used to grumble a lot because certain Web sites depended on ActiveX controls and forced the use of Internet Exploder Explorer.) I think a better solution would be for Wyze to support Firefox, but apparently they’ve chosen to build the portal only for Safari and Chromium-based browsers. I already told @matthew_540012738in another recent topic that Firefox is unsupported.
Because Safari is WebKit-based, I thought I might have some luck trying suckless’s surf or GNOME Web, but those both failed to stream video. I generally use both Chrome and Firefox on a couple of different Linux distributions and mostly stick with Chrome for Web View, but if you have an aversion to Chrome you could try Chromium or other Chromium-based browsers like Opera, Edge, or Brave.
For whatever it’s worth, I have used Web View in Firefox on Linux and not had to repeatedly deal with 2FA tokens, but I’m also not trying to use Web View with a VPN (which can cause problems by changing the IP address that Wyze’s servers see) or Private Browsing window (which blows away cookies), and I’m pretty selective about which extensions I use (mostly uBlock Origin and Privacy Badger). The reason I don’t use Firefox as my Web View go-to is because I sometimes want to stream my Cam OGs, and I’ve never been able to get those to connect with Firefox.
I’m unaware of any such prohibition. If you search the Forum, you can even find plenty of posts about things like the Thingino project, which is all about open-source firmware.
Thanks a lot for the reply. I wasn’t aware that disabling 2FA was possible via the mobile app, shows what I know. I thought I’d looked all over, but you’re absolutely right about where it is. While I’d rather have it active for the majority of cases, it is obviously inconvenient for this particular case. It does seem to appear to just be possible, though, so that sort of sorts that gripe out.
I’ve had limited success so far running on a Firefox instance in a Windows VM - why that’s been working, I couldn’t really tell you. But I haven’t been asked to repeat the email verification prompt. The settings are, near as I can tell, identical to the way I’m running it on my actual computer, except in all fairness save states are kind of cheating. Brave was probably my next option as far as that goes, I just wish I could add it to a screen and call it good without having to manage multiple different browser profiles moving around.
The other suggestion with the phone mirroring may be super helpful, I have a lot of junk phones laying around, makes me wonder about repurposing one for this specifically.
You’re welcome! I should’ve been clear in my earlier post that I do still have to regularly log into Web View with my e-mail address and password (I haven’t yet set up any passkeys), but I don’t have to enter a 2FA code (I use an authenticator app) very often unless I’m trying to log in from a fresh browser or one that I haven’t used for a while. As long as I’m letting the browser save cookies and telling Wyze’s authentication server to trust the device that I’m logging into at that time, it’s just username and password to get back in next time…until the 90 days or whatever expires.
One issue that I run across regularly is despite “trusting” machines for 90 days, even though I have a static IP and my access device is assigned a specific IP, is that it doesn’t actually work or continue to trust the device for any number of days.
I want to preface this next statement by saying that I have a very limited, narrow understanding of web design and authentication.
the forum doesn’t seem to time out in the same way that the web view part does? clicking it first, i appear to be just logged in. and then loading the web view platform seems to inherit that login without telling me that i’m on a different machine? hard to say what’s actually causing this behavior, but if it remains consistent it does seem to solve 90% of my problem.