These guys are not fans

General article on camera safety that specifically mentions the WyzeCam.

I had read in the past the WyzeCam was secure and US based but they seem to disagree.

I kind of agree. I think (optional) 2FA would be a worthwhile security upgrade for Wyze to implement to prevent access to cameras using credentials obtained due to a breach somewhere.

With 2FA, you are generally asked to verify with the 2nd factor only when signing on from a new device. I assume that’s how Wyze would implement it.

I’m a bit confused, is it possible that someone is watching my family on my Wyze cam? How can I make it more secure? Thank you

The most important thing you can do is have a strong password that you do not re-use with other sites and services.

Our information on security: We take our customers’ data safety very seriously. The communication between your mobile device, the Wyze Cam, and the AWS Cloud Server is made via https (Transport Layer Security (TLS)). We used symmetric and asymmetric encryption, hashing and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the data. Even if a hacker intercepts the data package, the data cannot be decrypted.

As RickO mentioned, that means the most important part of your security is the password you use for the account. If you ever feel that your account may have been compromised, the best thing to do will be to change your password for both your Wyze account and the email used for log in (in case it was the compromised party). Client privacy is our number 1 priority and we do keep looking for ways to improve.

As of writing this I am unsure if we are planning to use 2FA, but I will be sure to bring it to the attention of our Devs! Please let me know if you have additional questions about this, I will be happy to help.

Thanks Max!

The article is BS and should just be ignored. However I do have a complaint about Wyze’s enforcement of silly password rules. The length requirement is too much, while precluding the use of more-secure special characters. So now my Wyze password is memorable and probably the least secure of all of my passwords, but hey, it’s long enough to meet the rules.

 

Aren’t all password rules silly?

Coding Horror Blog Post about Passwords

 

@Carlos, could you please tell me a special character or two you were not allowed to use? To my knowledge we should not restrict any special characters so I would like to investigate for you. Thanks!

No, not at all.

I may be wrong, since I can’t cause a problem now while trying to duplicate it. I tried my normal algorithms for creating site-specific passwords and your site rejected them all. Possibly because of the length (your length requirement is ludicrous IMO), but I thought I had seen a character type warning also. Now the ones I’ve tried work, other than length. So basically I just duplicated the logical password in series, and removed one letter to bypass what seems like duplicate detection.

It’s been a couple months, but I think that either hyphen or underscore was not allowed. I also had to do a different PW format than I would have normally used.

 

Interesting… seems they recently raised the minimum length by one character. When I signed up a month ago, the minimum was 8, now it seems to be 9.

While it suggests 12 characters mixed case, etc., it seems to only require 9, at which point it calls your password “medium”. It seems to call anything 9-10 “medium” and 11 or more “strong”, even if it’s all lower-case, or even all numbers. However, it will reject some very obvious passwords like “987654321”, and those with a lot of repetition, like “191919191919”.

Seems strange that it considers “81753560838” “strong” (11 random digits generated by random.org), despite just being digits. “36323933987” is considered medium, and is also 11 digits generated by random.org, but presumably it is ignoring one of the repeated 3’s. Obviously both of these passwords are of the same quality, having exactly the same entropy, and both are actually pretty poor passwords.

The strange 9/11 character boundaries make me wonder if someone’s got some off-by-one bugs, and they were aiming for 8 and 12.

Thanks for the information both of you! I will forward this up to our Web team and see what we can do.

I have a per-site algorithm that produces an unguessable result that includes two cases, one punctuation, and numbers. But that is rejected here.

 

Thanks for that article, it reminded me to turn on 2FA for my Nest cams. lol. (Didn’t help with my Arlo cams, no 2FA.)

2FA for Wyze would be a welcome feature =D