Two Factor Authentication Requirement

Yup

You bring up a valid point that Wyze should consider. I would agree that forcing a mandatory Wyze initiated 2FA Active status via the email method for those that do not get on board prior to the mandatory cutoff date is going to cause some serious blowback for a handful of people. Especially since once that flip is switched and the email with the one and only key code goes into the ether black hole never to be delivered, there will be no recourse but to rebuild a new account from scratch.

A better option, if Wyze remains adamant about forcing an initial 2FA sign up, if for no other purpose but to verify active accounts as @peepeep suggested, then an opt out option, is to simply deny account login access until that has been set up. That setup should include a verification of phone number for SMS choice or email address for email choice. That way, the good information is top loaded before the 2FA is turned on.

Also, I didn’t give you credit above for Fire. Aim. Ready. Here is your credit: :credit_card:.

1 Like

This is exactly what happened with CamPlus Lite. Too many missed all the announcements or ignored them. What a firestorm that was. Still smoldering.

2 Likes

Of course the problem there is locking people out of viewing their own cameras. Whichever way one turns this is an unnecessary self-inflicted wound at the expense of unsuspecting customers. And the only reason it’s being done, as Dave admitted above, is to reduce perceived corporate embarrassment (that isn’t their fault to begin with).

You are correct. I remember as well.

@Customer’s “Fire. Aim. Ready” pattern repeated.

Perhaps some Strategic Predictive Wargaming sessions are in order. We can build them a Sand Table!

And who handled a fat chunk of the blowback and endless re-explaining and hand holding? We foolish volunteer forum and social network denizens.

2 Likes

True.

The lesser of two unfortunate outcomes though. The second does not jeopardize the account to complete uselessness. Only if the user refuses 2FA.

Frankly, to me, its less about the inconvenience that it causes me. And it not that Wyze is famous for being the last vestige of choice in the world. But what it is, IS another choice taken from us in a long line of stolen choices for free people. Another instance of someone making a decision for us. I’m an armchair activist. And this is imposing 2FA on me/us and represents something forced on me. Something I don’t want. One more thing.

I don’t give a d*** about the publicity or complaints by people that don’t have enough sense to turn 2FA on when it was available to them. I don’t like this decision being made for me, because others are too dumb to turn it on and improve their security if that’s their concern.

1 Like

Users on this forum keep assuming that wyze is a technology company. It could be that they are a marketing company that specializes in white label products with the wyze logo.

What kind of technology company would unlease all of this 2FA mayhem at the start of a major 3-day holiday when people are away try to enjoy their time off.

At most companies who ever approved this would find their desk cleaned out Tuesday when they showed up for work. Oh, I forgot we don’t go into the office anymore. Maybe their corporate logon has been changed and they can’t re-establish 2FA logon.

2 Likes

No, SlabSlayer, Wyse has said that we will be FORCED to set up 2FA just for the privilege of being allowed to turn it back off.

The absolute stupidity of that is overwhelming, but that IS what Wyse has declared as their solution of the large number of already paid customers who have already been screaming about their notice. Go read the latest version of the ever-changing 2FA FAQ

1 Like

I got the popup in the app, but did not get the email (despite having a correct valid email connected to my account). I didn’t bother taking a screenshot of the popup so I won’t try to quote exactly what it said. My recollection is that the popup said essentially the same thing as was shown in screenshots that have been posted of both the popup and the email.

According to those (and confirmed by Wyze in the Forum) Wyze is GOING TO force everyone to set up 2FA to access the app. The notice was not a requirement to do it now but just a statement that it was going to be forced in the near future.

The original notice had no mention of any alternatives. Since then Wyze has been both scrambling to say they will offer 2FA by SMS, by email, and by authentication app. They have also backpedaled by saying that AFTER we are forced to set up 2FA, then (and only then) we will be allowed to opt out of using it. Also the timeframe seems to have moved from an implied very soon to “several weeks” (probably because no one has written the code for any of the latest changes)

That was the status about an hour ago when I last read the 2FA FAQ – god only knows what it is now or what it will be by the time you read this. Maybe, just maybe someone at Wyse will develop a tiny amount of common sense and realize that forcing people to set up 2FA just to be able to opt out of 2FA is astonishingly stupid and will still make hundreds of customers irate as well as cutting off many existing customers who cannot or will not comply.

1 Like

I am well aware of what I am speaking about. I have been in the tech industry for 24 years :slight_smile: Thanks very much. Please do not try and undermine my intelligence based on your opinions.

1 Like

Ecaxtly. I fully understand that. Hence the word IF in front of my statement that confirms the same thing. Read the entire post. It considers how Wyze is planning to implement that very policy for those who do not opt in before the cutoff.

The word “IF” is very important here because, as the addition of Email 2FA and an Opt Out has already proven in an extremely narrow time window, this is a fluidly developing issue that could change with enough direct feedback to Wyze.

I did read it. In fact, I am the one who posted the link to it in my above reply to you yesterday at 7:12 AM ET. The FAQ was updated on Friday.

Correct. All discussed in the posts above. And on the other threads discussing 2FA.

The changes seen since the first announcements went out, discussed in many posts above, indicate that Wyze is monitoring the feedback, understands the impact it has on customers, and is flexible enough to modify its process to get to its 100% 2FA registered goal. This also illustrates how fluid this new requirement is.

What amazes me is that even with the newly promised opt out after initial setup, suggested by another user above as a means by which to verify all active primary accounts and identify spurious accounts, users are still militant about even activating it once then turning it off. 2FA has been mainstream security for nearly 20 years. I have encountered high security accounts that require 3 factor authentication (password, biometric fingerprint, and CAC) and have to be end to end VPN hardware encrypted. Have that many people never encountered simple 2FA in their online account activity?

I didn’t undermine your intelligence, I merely said you don’t know what you are talking about with regards to what I quoted.

1 Like

That’s because of the way it’s worded. When they add “in the future” to a statement (not a promise, BTW), then it is open ended and may never actually come to fruition.

1 Like

make it optional to turn off!

Finally read the last 100.
@WyzeDave
Could we just get the option to actively decline to turn it on?
@SlabSlayer - do you know how this will affect those of us running older versions of the app?
I’m stuck on v2.22.21 for some of my devices, (and I think so are many others).
And to everybody - if Wyze says they may do it in the future - how has that been working for you?

@WyzeDave I don’t want to use it. I do NOT want to give my cellphone out due to the possibility/probability that my cellphone number and data would be subject to hacking. I just don’t trust this type of alleged “security”. So, do not force me to use it.

1 Like

I can’t predict how it will affect older versions of the app, however my speculation would be that it won’t have a negative affect. Wyze has been offering 2FA integrated into the app since version 2.3.16

2FA was integrated in version 2.3.16
Authenticator Apps and TOTP were integrated in 2.10.36
Backup Phone Number was integrated in 2.13.118 (September 9, 2020)

As long as your version is within the last 2 years, everything should already be there for it to work.

EDIT: Sorry, forgot the last question:

I have but one login device, my Android phone. I have used an authenticator app for a long time as my FedGov sites all require it. It was very complicated to get my account w\ ID.me, but that is only because the FedGov requires a life history background verification to get the authenticator approval. I believe the other authenticator apps are easier. But, I just used what I already had and it was compatible with Wyze.

It is very easy and has never given me an issue. As long as I don’t log out of the app, I can open and close it as many times as I want for as many days as it goes and never asks me to reauthenticate. Even app updates don’t initiate a new authentication. If I do log out, when I log back in and enter my user\pass (from my password manager selector - fingerprint access only), it asks me for my authentication code, I minimize the app, open my authenticator, scan my fingerprint to open it, click on the 30 second code to copy it, switch back to the Wyze app, paste it, and I am again in the app indefinitely.

The Wyze Web site will ask for authentication every time I log into my account, but it is just as quick since my usernames and passwords are all managed by my password manager (fingerprint locked).

Also, and one of the most basic, but most effective security features I can practice is that all my account passwords are different and randomly generated by my password manager: a minimum of 16 digit random numbers, letters, caps, characters, spaces and special characters. I often run into problems when sites can’t handle the complexity of my generated passwords.

Just like the Authenticator has a master recovery key, so does my Password Manager… And a key file token drawn from cloud storage and also locked and saved in 3 different places. If my phone goes missing, all I need is a device with web access and the padlock goes on. Useless brick.

Do you think that a company who rolled this BS out on a major holiday. Who didn’t think of the feature set that almost all others using 2FA provide. Has given any thought to customers stuck on an older app release.

At lease they turned off the threatening 2FA messages in the app. Now we are back to the normal undesired amount of advertising. The nice thing is I have devices from 4-5 other companies and I get no advertising in their app.