“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Don’t be embarrassed, but your intelligence is showing.
Definitely!!! - Why has it taken so long for Wyze to do this?
Please add 2-step verification for website account access!
I have 2FA enabled on my account but am very disappointed to learn that 2FA does not apply to the website.
Also, I voted for Google Authenticator as well; SMS can be spoofed and is not as secure… Just my $0.02…
I use pronounceable passwords where possible, e.g. athens-imprint-pesticide-fondness-zoe-whirl-espresso-euro. This article on Forbes is worth a read.
Now more than ever Wyze needs to add 2-Step Verification to the website account access… Please Wyze do this… why has it taken you guys so long for this?
I’m a little concerned that Wyze has labeled 2FA for accounts as “maybe-later.” It’s not because I think Wyze won’t implement it because, quite bluntly, no significant company will survive long term without eventually applying it, mainly financial, smart home, data brokers, security, and even quasi-security companies. In recent years, data breaches are no longer about if or whether but when. So my concern is more related to the unintended perception that Wyze mirrors the knowledge level of its customers regarding 2FA when it should have more to protect them. 2FA on accounts is not an optional feature but a mandatory requirement to fend against modern cybersecurity threats that every other significant company has or is implementing for their accounts.
Again, I know Wyze will inevitably implement 2FA for accounts, a natural evolution beyond 2FA solely within the app or hardware. So that is not my concern. My concern is that the optics suggest that even despite global data breaches impacting billions over the last few years and the recent Wyze data breach, Wyze still doesn’t appreciate the urgency of 2FA on accounts any more than its customers do. It seems they will only understand the importance after the third-party cybersecurity firm they’ve recently partnered with to audit and improve their security protocols inevitably recommends they implement it.
So at the very least, Wyze should update this wishlist tag from “maybe-later” to whatever label they use to convey “definitely-timeline pending.” I love Wyze and its products and am not at all trying to kick it while it’s down. I believe that “maybe-later” is potentially an avoidable PR nightmare waiting to happen, particularly after the Wyze data breach. It’s one thing to have only 15 votes on a wishlist item because most of your nontechnical customers aren’t aware of the importance of 2FA security. But it’s quite another for Wyze to value the importance of 2FA protocols based exclusively on the limited security knowledge of those customers. Thanks for listening!
Passwords like “neighbor-hard-victory-hippie” are much easier to remember and much more secure. Password managers are fantastic tools but like any tool they have to be used properly.
Correct. To clarify, passwords like “neighbor-hard-victory-hippie” are much harder to remember and much more secure than “password,” when relying on customers to do the heavy lifting, but of course much less secure than 2FA protecting all customers with passwords like “neighbor-hard-victory-hippie” and even those with passwords like “password”.
Yep, 2FA (token or physical key based) is much more secure. I take a defense-in-depth approach and use a password that is difficult to reverse engineer via hash and hard to crack via dictionary means. Then I use 2FA if available, then I use a password manager to change the passwords frequently, and I never reuse a password or share a password or access to my password manager.
Even with all that I assume that I will be hacked at some point or exposed via sloppy security methods by a vendor. So you hire a credit monitoring company and have your banking software set to notify you of all transactions or at least unusual ones.
And then, well that’s when damage control kicks in.
As far as IoT devices go, I use care where and how I deploy them, and unplug them when I am not using them if I feel a need to.
Truthfully, common sense goes a long way. The sad truth is people are lazy and do dumb things and vendors continue to enable that behavior because lazy people will just move on to another vendor that does not require them to be sensible.
Your security game is second to none. You get it. I frequently have to tell people to enable 2FA for their banking accounts and credit card notifications after someone announces they’ve been hacked and have to go through the process of getting new cards etc. IT’S FREE! Just go enable them.
Would love to see this not only enabled for the web (as mentioned above by other users) but also when integrating Wyze into an Amazon or Google account for a smarthome. Right now you don’t need 2FA to link your accounts on these smarthome products.
I use Okta for website MFA. Putting it out as an option, as Google Authenticator and Authy appear to be the main ones mentioned so far.
It’s a real shame that 2FA protecting your account doesn’t work for ANYONE outside the USA. You only allow US phone numbers for your SMS protection. What the hell use is that?
I think you may have missed the few dozen posts above yours in this thread, including mine, that say the exact same thing? It is why it is always a good idea to search or read before posting. You may have also missed the posts from Wyze where they said they are working on enhancements to 2FA including methods that are independent of SMS? And that this work was now a priority?
At any rate welcome aboard!
Hi @rbruceporter … I kind of just reacted when I did try to add 2FA to my account. I’m glad they are adding authenticator apps to the mix and it can’t come soon enough. It just baffles me that they restricted the SMS authentication to the US only.
I agree, I don’t understand how anyone can still offer text-based SMS 2FA. It’s pretty much US-centric, and the least secure of the available methods.
I would also like to see FIDO support for things like a YubiKey as standard offerings!
Why is it that when they talk about 2FA, they only refer to the app?
We need 2FA for the online account as well… has anyone heard when Wyze is doing this?