Two Factor Authentication Requirement

Sounds to me like you need to educate some of your end-users who don’t know how to secure their devices rather than force a blanket requirement on everyone else. Next time someone complains about someone gaining access to their cameras all you need to do is tell them to enable 2FA. Seems to me like you are taking the easy way out and that’s just going to irritate the majority of your users in effort to quiet the few people who are using stupid and easy to crack account passwords.

2 Likes

Tablet landscape mode error is not fixed by Wyze for a very long time yet and I have to use tiny cam pro which will be broken by 2FA !

“Already seeing this feedback makes me think we will likely make it on by default but optional to turn it off for those who don’t want it.”

If it was implemented this way all of the users without a +1 phone code won’t be able to login initially to turn the option off.

Where forum members have suggested authentication apps, it would useful for Wyze to set out the process to get this working and test it before making any planned changes to use enforced 2FA.

| WyzeDave Wyze Team
September 2 |

  • | - |

carverofchoice:

I am actually surprised Wyze didn’t enforce this a long time ago like lots of (if not MOST) other major companies do…and few people avoid the other major companies from forced 2FA…too many people reuse the same passwords, and then suddenly people start using those leaked credentials from other sites to log into their Wyze account and then the person starts spazzing out on social media that their “Wyze account was HaCkeD!!!” and Wyze gets bad publicity and it costs them a lot of money in people’s paranoia, when the issue was never even Wyze’s fault…there were 2 really high publicity “HaCkEd!!!” reports just within the last week that people were freaking out over (mostly on Facebook)…so it’s not too surprising that Wyze is sick of being blamed for things that are usually just bad password management and the user’s fault (leaked reused passwords, keyloggers, or a bad actor they associate with who has access to their devices or network).

This is a pretty good summary of why we are doing this…too many reports lately of login credentials stolen then getting very upset at Wyze and/or going to the media to blame us for it. Too many people have cameras inside homes, we just feel more security is needed.

We will review all your feedback here and make sure we implement as carefully and thoughtfully as possible. Already seeing this feedback makes me think we will likely make it on by default but optional to turn it off for those who don’t want it. Let us know your thoughts.

Also, to clarify, this is only when you login, not every time you open the app.

2FA via authenticator app has already been implemented and been in use for several years:

1 Like

Well I got it on the app when I did a complete weekly apps update and rebooted my tablet. So I did it… not a big issue at first… THEN I tried to log in with this laptop to check for Sales and it took 12 “resend the code” before it finally showed up… worked WHEN it got here… What I want to know is why force US to use another app or must send to your phone… I HAVENOT owned a cell phone for over 10 years… WHY CAN’T be sent to my email like REAL companies do?

It’s in development. Give it a vote to show support!

4 Likes

I have no problem with 2fa - until something better comes along. I prefer to make it as difficult as possible to keep the jerks out there from messing with my accounts.

However -two things:

  1. SMS is not perfect. But SMS is a lot easier for many people to deal with than an authenticator app. And SMS is a heck of a lot faster than email.

  2. Speaking as a Canadian with the Canadian Wyze store so you know who we are!, Why oh why does the Wyze app insist that SMS authentication is only valid for US numbers. Would it be so difficult to add “and Canada”, or perhaps country code “1” numbers? It will probably cut down on support calls and forum posts.

Just saying…

1 Like

IF those folks complaining about security are not using 2FA that has already been an option, then to insure their security, the should unplug their camera and pull the hole in on top of them as the go underground.

I don’t want the 2FA, and I too will start looking for an alternative camera supplier. No, that won’t put a dent in Wyze’s bottom line. But my mouth will not help Wyze.

3 Likes

That’s a reasonable compromise, and what @carverofchoice suggested earlier. I’m fine with this if we can opt out. (Update: not okay; see below.)

Edit: my assumption is the opt-out wouldn’t require setting up 2FA first, because that would be dumb. :slight_smile:

Edit 2: And dumb seems to be Wyze’s decision! They are, insanely, apparently requiring a full 2FA enrollment before it can turn be turned off. This is not opt out, it’s punishment and data acquisition. I am NOT okay with this.

4 Likes

While I’m all for protecting my financial accounts with 2FA, I’m not much into 2FA protecting the few wyze deices that I own.

The bad news is I just bought a couple of wyze devices for a friend and was going to set them up. But 2FA and multiple app devices will probably be too much for them. The good news is wyze devices are cheap and I can just junk them versus all the hassle of returning them. Plus I investigated a bunch of other manufacturers with slightly higher prices but more features.

maybe I just won’t update the app until logon fails.

I’d be fine with the ability to opt out but it also seems silly to require existing users to enable 2FA just to disable it again.

4 Likes

I have been using 2FA for months now AND TinyCam Pro both before and after setting up 2FA. In fact, I just added a new Wyze Cam cam to TCPro and 2FA was not needed by the setup.

TinyCam is not affected in any way by the 2FA. It works perfectly. This is because it is not accessing any account information or settings and is only a P2P stream using your basic account credentials.

EDIT: Thanks for the info in your reply :point_down: @catcat1386! I set up 2FA so long ago and had already been using TCPro I didn’t even remember a 2FA pop-up in TCPro. Since my initial setup, it has never asked me to authenticate again… Months later now.

1 Like

Thanks! You are correct. Set up Wyze 2FA again and launched tinycam pro. Pop up requesting 2FA code. After inputting code once the app works like before ,

The SMS 2FA codes were sent from different phone numbers. Since I have many Fire HD10, two HD8 tablets which has the landscape mode working for Wyze app, I have to keep archiving those 2FA SMS after using them. It is more convenient for those 2FA codes sent from the same number. And I can add the number to contact list.

1 Like

I set my SMS 2FA up this morning, logged out of the app, logged back in, received the 6 number code opened the app and also got a Pop Up similar but on the left side it said dismiss which I did since I already set it up. App is working fine (For Now :astonished: :astonished:)

The part I like is that I don’t use a cell phone and thus, thank god, I don’t get bombarded with an endless stream of SMS messages. Ofd course I doubt that a SMS message sent to my VOIP phone will arrive.

Of course unlike all the other businesses that will e-mail the 2FA code, that seems way too complex for wyze. They will require a seperate app. Nice.

GIGO

Email 2FA is in development and will be put in place before the required date.

2 Likes

You mean a single phone number for a family that has 3-4 phones plus tablets won’t work?

Send me another e-mail when it’s fixed.

Here is the problem (or a problem). I have several cameras in my house to help keep an eye on my elderly mother and my home. My brother has his own WYZE account and I share cam access with him so he can keep an eye on her and the house when I am at work. For whatever reason, WYZE DOES NOT allow those with shared access cameras to view SD card playback. It is impossible for us to monitor the cams 24/7 so we need to be able to watch SD card playback at times. He needs to log into my account with the WYZE app to do so. Again, that is WYZE fault for not allowing shared cams to view SD card playback. How is he supposed to do this with 2FA?? Why not allow shared cams to view SD playback? If I “share” cam access, I clearly want the person I shared it with to be able to actually watch playback. At least make it an option for the main account holder to be able to decide if they want to share playback features. I understand the people at WYZE are getting tired of being blamed because of lazy passwords or other site breaches, but that will always happen. Unfortunately, there will always be those unwilling to take responsibility for their own laziness. The rest of us who are responsible shouldn’t have to go to another product because of it.

I am NOT giving out my phone number, which doesn’t really make things any safer or more secure. All it does it make a HUGE pain in the ass out of trying to log in to an app. If they’re that worried about security, work on making the app/cameras/accounts/network hard to break into. I just got kicked out of Instagram (for no reason, I don’t post. I mainly just followed people and liked their posts or commented on occasion) and even after entering an email code, they wanted my phone number to verify it was me. NO. I get enough spam texts, etc., as it is now I am NOT allowing any more access to my personal data to ANYONE. Figure out something better. This infuriates me.

3 Likes

I haven’t seen any email, but the same garbage notice popped up in the Wyze app when I went to use my Wyze scale this morning – TOTALLY STUPID (unfortunately that doesn’t shock me with Wyze lately)

I suppose there are some people who think they want 2FA for their cameras – that’s fine with me if Wyze wants to offer 2FA as an option – but requiring everyone to use 2FA for everything is completely ridiculous.

Guess what, Wyse? I don’t think anyone is trying to hack my scale, and I wouldn’t really give a damn if they did!

If Wyse security is so sloppy that people are worried about random hackers getting into their cameras or other wyze toys, I doubt that 2FA will really help. I have yet to see any system where the half-assed send-a-code-to-your-phone “2FA” is anything but a colossal p-i-t-a that accomplishes nothing to stop any serious hacker.

BOTTOM LINE for 2FA: option = fine… requirement=GoodBye

4 Likes