Wouldn’t it be less a load on ur local servers for OTP type 2FA instead SMS? Since the code is generated on a app on the users phone and not some SMS sever thing? OTP is far more secure anyway (separate topic i know).
I can control things via GA atm, but the WYZE app is still not functional.
Actually, now and days we tend to recommend against changing passwords frequently, as most people have a natural tendency to either 1) reuse passwords across different accounts, and/or 2) turn “s@fep@55word” into “s@fep@55word2”, “s@fep@55word3”, etc…
Simply recycling old passwords or appending a single character to an existing password does not harden password entropy.
Today’s best guidance is to 1) use unique, 2) complex passwords (12+ characters, including alphanumeric and special characters) for every single account you have.
EDIT 2: Actually, social engineering is regarded as the number 1 way of gaining unauthorized access, and many enterprise organizations use phishing education (eg KnowBe4) to educate their user base. Without a doubt, end-users are the weakest link in the chain. Someone “sniffing packet data”, setting up stingrays, etc… tend to be targeted attacks and require much more sophistication to execute successfully.
New Wyze user here. Received multiple cameras yesterday for Christmas and hooked them up this morning. Mounted them this afternoon … and now this data breach is not allowing me to access the cams! Bummer.
I, too, am stunned that Wyze uses SMS-based 2FA, especially since it’s proven to lack any semblance of security. I’ll stop trying to login tonight and will try tomorrow. If not resolved by lunchtime PST then I’ll ask my wife and kids to return the cams to Amazon and I’ll buy others.
NOTE: I wanted these cams as I did the Indigogo for Camect, the multi-camera box and all video staying within my house vs. the cloud. As ex-Google engineers, I suspect they’ll take security seriously and I can use any of a few dozen cameras with the box and will have lots of options. Just sayin’…