I haven’t seen any email, but the same garbage notice popped up in the Wyze app when I went to use my Wyze scale this morning – TOTALLY STUPID (unfortunately that doesn’t shock me with Wyze lately)
I suppose there are some people who think they want 2FA for their cameras – that’s fine with me if Wyze wants to offer 2FA as an option – but requiring everyone to use 2FA for everything is completely ridiculous.
Guess what, Wyse? I don’t think anyone is trying to hack my scale, and I wouldn’t really give a damn if they did!
If Wyse security is so sloppy that people are worried about random hackers getting into their cameras or other wyze toys, I doubt that 2FA will really help. I have yet to see any system where the half-assed send-a-code-to-your-phone “2FA” is anything but a colossal p-i-t-a that accomplishes nothing to stop any serious hacker.
BOTTOM LINE for 2FA: option = fine… requirement=GoodBye
No! I was just in the process of ordering 3 more cams while they were on sale and I went into the app to check my cam versions. I wanted to check to see how many I would need if I decide to replace all with v3. The announcement greeted me right away. I changed my mind and ordered none. I’ll wait until they allow the opt-out for sure. I don’t need security like that to see what my cats are up to.
I have been using 2FA for quite some time now. Since I already use the Google Authenticate App, for like 5 other 2FAs for work. I just added the Wyze to my current app. Works great, and only need to use 2FA is I happen to log out of the app. There’s a lot of people complaining abut this, but it’s a security measure, it covers Wyze but more so it covers you as the user. So those that want to complain. I am sure you would complain a LOT more if your account was compromised! Right?
Nope. It’s called having a choice and taking personal responsibility. Using 2FA only protects you from people cracking your credentials AND accessing your account. It does not protect you from hackers getting into and accessing all of your data off of Wyze’s server.
Right. Until something happened to your account and you complain that it did for not having 2FA.
It’s not a big deal, you only need to use it if you log out. I don’t understand why this is such a big deal. Most companies that have similar cameras to Wyze have already done the same thing. This is 2022, it’s just how things go. Get used to it.
You honesty just don’t know what you are taking about. I’ve been in the industry for 22 years and work with security camera systems on a daily basis. 2FA/MFA has its own drawbacks and it has its place. An app like Wyze requiring it is not one of those places. I literally said in my reply that I wouldn’t complain.
The emails are being sent out in phases, so some may get them later rather than sooner.
There is also a response here from Dave Crosby, one of the Wyze Co-Founders that should be read;
The issue wasn’t so much that Wyze has poor security, it was more that customers have adamantly refused to utilize the security available to them and this has resulted in increased attacks on Wyze Customer Accounts.
Rome wasn’t built in a day. This is still a quite fluid development.
The announcement that this requirement will be implemented soon (but not immediately) is less than 48 hours old. Have you been locked out of your account for lack of 2FA?
What I interpret is that it will be a default ‘on’ requirement, when implemented, that will need to be set up but can then be turned off for those who actively choose to decline the added security.
It has been made clear both WILL be available when the change is implemented. Please allow them to have a Holiday Weekend before they move the mountain.
You act like this is a huge thing for them to implement. It’s already implemented…all they need to do is change the new policy that hasn’t even been put into motion yet. It’s literally one line of code that defines whether the feature is required or optional. And, it has not been made clear. The very article you linked says it will be required when this gets put into place but that there will be an option to opt-out in the future.
The mandatory use of 2FA has not yet been implemented and may very well still be in the final coding development before implementation.
The Opt Out to the mandatory 2FA (that has yet to be implemented and may not even be done coding) has yet to be programmed as the intent to provide this was just announced yesterday. I would be confident in suggesting that it isn’t just a cut and paste open source code.
The Email 2FA option to the mandatory 2FA (that has yet to be implemented and may not even be done coding) has yet to be programmed as the intent to provide this was just announced yesterday. Again… Not cut and paste.
You are seeking concrete answers to a fluid development issue. They don’t exist because none of this has yet to be implemented and all the timelines now have to be adjusted based on the modifications they are making in response to your user feedback.
If you have that one line of simple code to make this all work, submit it here and I am sure Wyze will be grateful for saving them the time and resources they are spending to make your account more secure while still responding to user preferences.
I got the email yesterday. I was going to post about it then, but forgot. I atually did get a popup of the 2FA on my phone when I opened the app sometime after getting the email. Since it’ll be implemented soon I went ahead and did it because I couldn’t find where I could skip it . I put the code in after they sent it to me and all was ok. I haven’t had it pop up since, but I’m wondering if it’ll pop up if I restart my phone.
None of my family members whom I’ve shared cmas with got the notices.
I take it you have no, or very little, programming experience? If you did you would understand that making a requirement optional in code is very basic. Switching over to email for the 2FA is also a pretty easy change since they already have email addresses for every account. You seem to be just blindly supporting them while acting like you know far more about how the back end works, or where they actually are in development, than you actually do.
I have been using 2FA for some time now. It does not bother you when you restart your phone. Only if you log out of the app before closing it and need to log back into the app.
Yet that he nothing to do with what I’m discussing. Some people protect their homes with security systems with no issues or hassles yet it’s still not a requirement to live in one. I’ve lost a lot of data due to a company (Dropbox) who somehow managed to screw up my backup codes (none provided worked) and I lost EVERYTHING tied to that account. What makes you think Wyze is anymore responsible than Dropbox? Accidents happen and 2FA has no recourse if and when you lose access due to the terms that apply to using it.
I have very little modern coding experience as I haven’t kept up with the newest platforms since doing it in the 80’s and early 90’s when it was still in it’s infancy.
I am actually just advocating for giving them the time to make it work… specifically because I don’t know how complicated it is. And, given that you don’t have any knowledge of the custom coding that Wyze has implemented, I wouldn’t think you would be so confident in being an expert at what Wyze needs to do to integrate all of this into a successful working model. If it is that simple, post it.
What would the point be in me posting a snippet of code be? Their programmers know what needs to be done. I can guarantee you that, if they don’t implement opt-out from the start, then the reason they are doing this is to grab as many phone numbers as they can for their data mining partners. This isn’t rocket science and they already have 2FA. Making it mandatory for any amount of time only has mine purpose…getting more data from customers.
I believe you are correct. The question is if users are going to provide them the time to do it or continue to post about a feature that has been announced but has yet to be developed and implemented.
Completely unsubstantiated speculation based on an emotional perspective. It is an argument simply for the sake of argument that distracts from the true security reasons for implementation. Logic would lead me to believe that this is untrue given they are also strongly advocating the use of Authenticator apps that do not have any phone number use.
They didn’t even mention the Authenticator apps until after they said it would be done via SMS and people complained about that. There’s nothing unsubstantiated about my opinion. They are already data mining our accounts and activity via Segment, Braze, and Google.
