Two Factor Authentication (2FA)

testing
#64

Early stages of design and workflow. During the first release, SMS will be used as this is one of the most requested methods. We will evaluate other methods in the future.

7 Likes

#65

Looking good @WyzeMark! Thanks for all the effort you guys are putting in. If possible, please make sure the SMS 2FA you’re implementing can support international numbers. I’m based in South Africa and currently exclusively using imported Wyze Cams. I’d hate to miss out on 2FA even though I understand the cameras are not officially supported outside the States.

1 Like

#66

Checking the associated cost with supporting international numbers, but the current plan is just with US. Will give an update after we have the discussion with dev team

1 Like

#67

Ok looks like we can only handle US and Canada. Do you use Authy or Google Auth? That can serve the need in place of international numbers

4 Likes

#68

Thanks for checking @WyzeMark. I originally voted for Authy (or Google Auth) as they are not region specific. The only difference I can see with using an authenticator app instead of SMS is the backup method would have to be something other than a phone number in the case of international numbers (perhaps email since your SMS provider only supports the USA and Canada). An authenticator app would be my preferred method for 2FA as it also has many security advantages over SMS. I don’t know if your roadmap includes authenticator app support for initial 2FA release?

2 Likes

#69

@WyzeMark posted this yesterday. So yes, it’s being considered for future, but not in first release.

1 Like

#70

Another vote for Duo Mobile (I also use the one built into 1Password). Why tie it to a particular app? If you follow the TOTP RFC (6238) then any of the authenticator apps would work.

2 Likes

#71

Yes this is super important to me. I was using a camera from a different company as a baby monitor, and it was hacked. The camera was moving on its own (controlled by another person via app) and scanning across my bedroom. It made me feel sick. I believe two step authentication, while not perfect, is a much needed step for user privacy.

0 Likes

#72

Update from team: Work will start after we release both 2.1 and 2.2 versions of the app. We had to work on connectivity and firmware tasks so this got delayed.

7 Likes

#73

Thanks Mark for the update. Quick question, I assume Wyze is considering how this affects the Alexa skill integration? (e.g. would an SMS code be able to be entered upon enabling the skill for those who want (2FA) and continue to use the Wyze cam on their Amazon devices? Thanks for the hard work.

0 Likes

#74

They are currently not integrated, e.g. the code will only be used to enter the app login page. This is a good thing to note, I’ll bring this back to the team

0 Likes

#75

Thanks. Yeah in a sense, that would be a “backdoor” in that 2fa wouldn’t be required to access the feed even if enabled on the Wyze account level. Granted you would need to be on the users local network to enable but still, when thinking about this, making sure we’re thinking the full picture. Easier said then done. Thank you sir.

0 Likes

#76

NIST does not recommend SMS.

I use Authy when available.

1 Like

#77

Please extend out to outside US and Canada as many wyze users such as me are outside of US and Canada.

0 Likes

#79

Sorry, I don’t remember.

Would you be kind enough to point me towards a post on their blog or press coverage?

0 Likes

#81

That isn’t “last year” nor “hacked”.

What this bitcoin blog is referring to is that In 2015, they discovered during THEIR OWN TESTING, a small problem unrelated to authentication.

https://authy.com/blog/phone-change-process/

Please don’t spread misinformation.

1 Like

#82

Any updates on when the 2FA will be available ? I just bought 2 more cams and we have been waiting a while.

1 Like

#83

I’m a bit baffled, to be honest. I’m glad we are getting 2FA, but I can’t understand why are starting with SMS 2FA, even though vote on this page clearly shows that it’s what people want’s, they want OTP 2FA. Then I read further on, and see you are only going to support US and Canada, well gee thanks, then it’s useless for some of your users.

Come on Wyze! I love you guys, but you are about to launch Wyze Sense, a home security product, and you don’t have something as simple as proper 2FA support. You NEED to throw some resources after this and get this fixed.

Seriously guys, I can already predict the headlines: “This family got their camera and security system hacked, now videos of their children are being shared on the Internet”

0 Likes

#84

I just stumbled across this and have not had the interest or time to read the whole thread.
But it seems you are going with SMS.
My Android tablet doesn’t do SMS. I have to load more software.
It does do email.

0 Likes

#85

I use Microsoft Authenticator. Simple, clean, reliable interface.

0 Likes