2 Factor Authentication (2FA) Information

Hello everyone.

As I am sure most of you know we sent out an email about an upcoming change concerning 2FA. There have been many questions coming up and hopefully we can get them answered.

Here is a copy of the email

Hey Friend,

We’re making an update to better protect your privacy. Previously, using two-factor authentication was strongly encouraged but not mandatory. In the coming weeks, all users will be required to use two-factor authentication to log into a Wyze account.

We recommend setting up two-factor authentication (2FA) now so you’re ready for the change.

Please be sure you have access to the email address associated with your Wyze login so you don’t get locked out of your account. If you haven’t selected the use of text message or an authenticator app, we will send the 2FA code to the email associated with your Wyze account and you will need that code to log in. If you no longer have access to that email, please change your Wyze login email ASAP.

What’s Two-Factor Authentication (2FA)?

2FA will send a code to your mobile phone that must be entered before logging into your Wyze account. The code is sent to you through email, text message or a 3rd party authenticator app.

Why will this be required?

Attempts to access accounts through credential stuffing (using lists of stolen usernames and passwords compromised from other websites) have been increasing. Our systems already have multiple layers of security. We transmit camera feeds over encrypted channels, leverage tools that routinely and automatically monitor for threats, and immediately notify users when suspicious activity is detected, but 2FA is the most effective way to protect your account.

I no longer have access to the email I use to log into my Wyze account. How will I get the 2FA code?

You’ll need to change the email address associated with your Wyze account. You can find instructions here.

When will this change take place?

We plan to roll out this requirement to all accounts over the coming weeks, but you don’t have to wait for it to be required. You can set it up right now.

How can I further protect my account?

Thanks for asking! As always, we strongly recommend you make a unique password for Wyze. Don’t reuse passwords you’re using for other accounts or websites because if someone hacks that site and gets your username and password, they are going to have an easier time logging into your Wyze account. A strong, unique password combined with 2FA will provide excellent protection for you and all your Wyze devices.

Click here to check if your recycled credentials were already reported as part of a data breach from another website.

If you have security concerns about your account, please email security@wyze.com. We are happy to open an investigation and help you out.

Thanks,

Wyze Security Team

Here is a link to the FAQ and if there is something that is not answered there I will do my best to answer it.

Brenda did a great job with those FAQs! They answered several questions/concerns I, myself, had and I think the answers are really good ones!

Some of my favorites:

• No, we don’t have to use 2FA every time we open the app, just if we log out and want to log back in.
• 2FA will be required to set up an account, and there will be an option to opt-out in the future
• The answers about how it impacts sharing the account with other people were good
  • Though the suggestion of sharing with everyone using their own account doesn’t resolve the issues of people not being able to review SD card playback with shared accounts. That’s still a big flaw here. Although sharing the same account is now harder if you use 2FA through text or email, you can set up an Authenticator app and share the credentials with a spouse or someone else to an authenticator app on their phone so you’re both able to use the same 2FA option for the same account.
• I’m very happy about the precautions taken for failsafe solutions in case we lose our phone. We can have a backup number or email as a backup. I’m a lot more reassured with all that!

I appreciate all the good effort to answer a lot of the questions many people had. Those FAQs were much more reassuring. I am liking all this A LOT more now.

I set it up with SMS, If Wyze sends Any Unsolicited Junk/Spam to either of those numbers I will file a dispute with the FTC, and possibly proceed with legal actions…

Is 2FA really required, or can I opt-out?

Yes, 2FA will be required to set up all Wyze accounts. But there will be an option to opt-out in the future.

The email was sent to people with existing accounts, ie, already ‘set up’ (established.)

1. I am currently logged-in to my Account via the app and have been for 6+ months. I will not (willingly) log-out of the app.
2. I will not be logging-in to Wyze.com.

Can I do nothing with respect to 2FA until I am offered the opportunity to opt-out ‘in the future?’

The opt-out was put in due to the customer feedback, so basically if you do not set up any 2FA, at some point they will set it up for you with e-mail as the option. After that you would be able to go in and turn it off. This could change prior to it happening and if it does I will update you.

My first thought after reading this garbage was a simple two word phrase that I won’t use here.

Then I waded all the way through this garbage to find that the idiocy was even worse than I had expected.

Not only will I be required to use a pseudo"security" “feature” that I don’t want but I also have a requirement to keep you advised of my email address AND you are going to throw away the order records of my account every time my email happens to change?!? WTF??

And I’m supposed to trust Wyse to manage a 2FA system when you can’t even manage to send out an email to the address you have on file? (Yes, since I did NOT get the notification email that you claim to have sent out, I just checked the email address associated with my account – it is correct and current).

I would urge you to correct your severe case of cranial-rectal-inversion and go read all the forum threads of customers telling you NOT JUST NO BUT HELL NO TO 2FA.

This is why customers will be able to opt-out.

When will we be able to opt-out? I mean a real date, not just the “later” answer.

I do not know yet since it is being added due to customer feedback, but they will have the opt out ready when they do the push for 2FA in a few weeks.

I don’t like the idea of being forced to do it. I do liken this to being forced to wearing a seatbelt. I said this on Facebook and will say it here that this should be a person’s choice. Many of us use these cams to watch our pets or watch the wildlife outside. If I choose to not use it and then get hacked then that’s on me. You may lose a lot of customers because of this.

Thanks, Jason.

1. All Wyze accounts will be required to set up 2FA.
2. If you do not do it yourself Wyze will do it for you (code sent by email.)
3. Thereafter you will be able to opt-out.

Correct?

If you are right that “they will have the opt out ready when they do the push for 2FA in a few weeks” that’s ok (barely, but ok) if it works.

There will be a way to opt-out.

That is correct.

…and we still can’t login using iOS Face ID or Touch ID…

I’m so glad I’m not the only one frustrated with 2FA. Logging is from phone app has become a very big pain!!

OK, lets not get our shorts in a knot. I too get annoyed with 2FA and having to get my phone so I can log into some sites. HOWEVER, you would all be screaming how lack WYZE was for not providing enough standard security features, if you got hacked. I don’t mind the extra security for my Banks, Financial sites, health care (SS#) sits, etc. These are sites none of us want Hacked. In other cases, where emphasized textI (note the I) feel the risk is minimal, I either do not invoke 2FA or I turn it off if the option is provided. SOOO, WYZE listened to valid concerns about the option and it appears they are providing it. Then it will be up to each of us to decide if each individual want to utilize this feature

SOOO, WYZE listened to valid concerns about the option

Why wouldn’t wyze just look at the 2FA features that almost everyone else provides and provide those. Versus waiting for blowback.

At times posts in the wyze forum are almost nonsensical

I concur with ‘horn’ to use what smart providers use, dadding “don’t ask for this device” that way you keep 2FA on and only takes the first time to use code for each device.