I just went through the whole uninstall reinstall thing because of the new beta version (3.2.8 ?) Anyway, I noticed that I could log in without 2FA credentials, in fact I did it THREE TIMES after uninstalling the app and reinstalling it.
However when I logged into Forums it required me to use 2FA.
Why are my cameras not protected by 2FA but this forum is?
NOT a good look whatsoever.
I noticed this as well.
I assumed it’s because the last time I logged in with 2FA, it’s because I checked the box that said something like remember this device or ask again for 90 days or whatever it says. So I just assumed it was because of that. While my laptop seems to get a slightly different browser fingerprint everyone I restart the computer since a few high security portals always make me redo it when I restart the computer.
But if remembering the device is not it, then it’s a good thing to bring up in the official version release thread that they actually monitor, instead of a separate thread that might not get seen.
I confirm.
How do I do that which ones do they monitor?
To all,
Thoughtful discussion.
If I may chime in. If we step back and think critically about 2fa I would submit that:
If you open a browser, navigate to wyze, and get a login prompt, the authentication is between you and the web site server. If you have 2fa you will get a prompt by text or email asking you to confirm. If you confirm, the session is authenticated - - and a trust between your app and the web site server(s) is established. For the next 90 days you are out of the loop.
So why do you not have 2fa on the app. I submit it does. The mechanism that gives you 90 days by browser is probably the same only instead of 90 days it is permanent, unless you log out or reinstall the app.
I belive your cameras are behind the equivalent of 2fa.
A couple of betas ago a PIN was added. I have not incorporated it as I don’t want any delays when I decide I want to see something in the app!
In the Account tab of the App there is a Trusted Devices setting. If you enabled 2FA within the Wyze App it may designate that device as Trusted.
With 2FA already turned on, has anyone tried installing the Wyze App on a new device to see if you are then prompted for 2FA?
I got a new phone for one of my kids, so if nobody else tries before Christmas, I can try loading it on that phone and check it, if someone reminds me.
I’m certainly not an expert, but I had the passkey setup and do not know how that was configured at Wyze.
I do know my passkey is still saved in my vault and that may explain it for me.
Of course that might not apply if any users above were not using passkeys.
Or if the trusted devices is a server side countdown thing, which is 30 days I think on a phone before possibly requiring authentication again. Which still has 25 days in the new Wyze reinstalled app.
Still, you’d think a delete/reinstall would require an authentication regardless. Of course I don’t know how passkeys & trusted devices work exactly either.
Oh, now that you mention it, I might have used a passkey to sign in when I reinstalled, which definitely counts as 2FA.
I’ll join you. Just ordered a new s24 ultra. Should be here before Xmas. I’ll keep in mind to document what happens on 1st app opening.
Yesterday brought a brand new - out of the box - - Samsung S24 ultra online.
Everything finished updating.
I opened the Wyze app (b604) and was prompted to login. I was presented with a 2fa challenge. After acknowledging the challenge-- a few seconds later I recieved a text with the 2fa code. Worked great.
I apologize as I can’t remember if I saw the 90 day prompt for a trusted device.
Then logged into this forum. 2fa challenge worked same as app. This time I am positive I received and acknowledged the 90 day prompt.
Bottom line both app and browser used 2fa with new phone.