Two Factor Authentication Requirement

I probably should not have tried “upgrading” to 2FA over labor day weekend BUT the problem I’m having is with the text codes showing up AFTER they expire. The first one to my phone took a few minutes but worked but I needed 3 codes to let Amazon connect to my account and I thought Google connected after 2 tries but now I keep getting …

Sorry, I couldn’t reach Wyze Home

So I’m here now trying to figure out if it’s on my end, Wyze or Google.

Oh and one thing I wanted to mention about CamPlus … I finally agreed to it with my security setup just to stop that annoying ad BUT it doesn’t stop, it NEVER stops.

For the most part I avoid using the app on my phone and just use Alexa to control everything … I prefer Google but apparently that might not be an option just now.

1 Like

You might want to experiment with the authenticator app. It doesn’t experience the delay like the SMS does.

As for the continued popups after assigning your cams to CP, just make sure you have the most up to date app. The app may also need a cache refresh to get rid of stale data. But do this after you have your 2FA locked down solid.

  1. Account → App Settings → Cache (Clear)
  2. Account → App Settings → Sign Out
  3. Close App
  4. Long Press App Icon
  5. App Info
  6. Force Stop
  7. Open App, Login and test.
1 Like

And after I clear the cache will my wyze watch data still be there.

I don’t have a Wyze Watch so I can’t be sure. I wouldn’t think so. But, let me reach out and get an answer first.

Despite the added inconvenience, I’m more likely to support and give 2-factor-auth a try simply because I don’t trust very many wifi connected security measures…many of which ware probe-able and breach-able…in this case, the big-C who has a huge history of Big Brother overreach. I’ll give it a try to see how it work and reserve judgement for the moment.

So WYZE can force mandatory 2 factor authentication down peoples throats, but STILL can’t fix this problem? How about letting ME decide if I want 2FA or not and allowing “shared” access to view SD card playback. If I share access to my cams I clearly want the people I share access with to actually be able to access the cams! Are the people at WYZE actively trying to get customers to go to other brands? It sure seems that way.

[Mod Note]: Your post and all associated replies were moved here as your subject matter is unrelated to V3 camera - allow continuous recording more than 9 days. Please avoid diverting a topic by changing it midstream.

1 Like

Not sure if this was directed at me intentionally or not, so just in case, I’ll clarify a little…I don’t work for, represent, nor speak for Wyze in ANY capacity. I am just a user/customer like you and most everyone else in this forum, I just volunteer to help out in the forums since I have a lot of knowledge about Wyze in general, I follow all their updates and help share what I learn with others, and I have a lot of experience using all their products…but just a user nonetheless, not a Wyze employee. I was giving an courtesy update (as a fellow user) to people following this thread, that there is hope around the corner, there is progress being made, etc. Wyze didn’t announce this as ready to go out right this minute, it was just me saying I’m seeing progress and hopefully it will go public soon.

EDIT: I guess there was an email about it being required soon. Honestly kind of surprised it took this long. So many people use the same passwords everywhere, that when one leaks anywhere (always happening), people use that same account info to log into other accounts, including Wyze, and then people blame Wyze that their account was “Hacked” and someone was “spying on them” through their cameras…even though it wasn’t really Wyze’s fault. LOTS of major companies (if not most) require some form of 2FA now, at least to confirm a specific device is authorized. I’m actually really surprised Wyze allowed us to choose not to do it for so long…but they few people who do have issues (due to not using 2FA, causes them a lot of bad publicity and people blame Wyze over it, so it makes sense that it’s hurting them too much to not force it now. :man_shrugging:
I guess I’ll finally go set mine up…I’ve avoided 2FA here as long as possible. I liked having the option not to use it since I had a unique, complex password, but not everyone does that. Hopefully it “remembers” approved devices, then it won’t be so bad.

This problem appears to be fixed. I’ve been using it on the latest beta firmware. There is something unrelated to this issue that I expect they need to fix on this firmware first before it goes public, but as far as the SD card recording, it appears fixed. It is something that is going through standard testing processes to limit any other collateral consequences. No sense in fixing one bug with an update that introduces some other unintended problem. Again, my announcement above was just a courtesy notice to people following this thread to let people know about the progress on the issue, that it appears to be resolved and will hopefully get pushed out to the public as soon as it completes testing procedures for all the other items in the same firmware batch that also need to pass testing.

I am looking forward to that too. They have mentioned they had on their roadmap something called “Role Sharing” which will hopefully do some of the things we are asking for…let us choose which settings different users can have (ie: allow my wife full access, and my daughters limited access to things).

3 Likes

I have 2 wyze accounts and never have been asked to do the 2 step if I do I will just delete it…also no biggie we have alot more important things to do.

Check your email. This evening, Wyze announced imposition of mandatory 2FA on all accounts, to be implemented over the next few weeks.

I hope they won’t be expiring auth tokens so often that we need to go through the 2FA rigmarole on a daily basis. That would be uber-annoying.

Wyze is claiming that this is necessary solely because too many accounts are being breached in password-stuffing attacks. I say that forcing 2FA is completely inappropriate. If an account is breached in this manner, it’s because
a) the customer is sloppy and deserves it for reusing account names and passwords; and
b) because Wyze is failing to automatically inject significant auth response delays after 2-3 failed login attempts on the same username.

Customers should always have the OPTION to use 2FA. They should never be FORCED into it, except when the customer’s account secures a fiduciary duty – which is never the case for a Wyze account.

2 Likes

I have been using 2FA for some time using an Authenticator app. It is required in the app only for login, not for daily use. Unless you logout of the app, update it, reinstall it, etc., It won’t bother you for authentication.

Alexa and Google home will need to be updated with the 2FA credentials initially as well.

Your account on the website will need it each time you login as will WebView.

How will 2FA affect use of Tinycam
?

1 Like

Probably won’t affect it much anymore. It had problems when Wyze 2fa first started, but the dev fixed it and integrated it way back a long time ago. The creator even works for Wyze now.

I’m pretty sure Tiny cam handles 2FA fairly well now, but I’d love to hear from someone who uses both.

Would also love to hear if there home assistant api has it working now.

1 Like

I use TinyCam Pro. No affect whatsoever. I can still stream all my cams.

I honestly don’t even remember if I had to authenticate when I switched to 2FA. :thinking:

I might have to change my key just to remember again.

Customers will have the ability to opt out when it is implemented. FAQ’s can be found below.

3 Likes

Being able to “opt out” is a contradiction to the announcement that it “…will be required”.

That’s very confusing customer communications. At this point, I can only wait and see.

2 Likes

The opt out came as a result of listening to customer feedback.

4 Likes

It also said the opt out will be available in the future. I have to wonder what that means… one week, one month, one year? Its sad that the original Email said they were doing this because passwords were obtained from WYZE themselves.

1 Like

Not quite, it said bad-actors were using credential stuffing (taking leaks from other sites and seeing if any of those matched the same username/password for Wyze too). Nobody obtained those lists or passwords from Wyze.

This is what the original email said:

Basically, Wyze is saying all their stuff is secure and protected on their end, but too many users were using the same password for their Wyze account that they use on other sites that leaked that information, so hackers were just testing the same info here hoping they’ll randomly find an account they can log into because the user isn’t using unique passwords here like they should. 2FA ensures nobody can do that anymore and protects users from online leaks.

2 Likes

Well its no biggie if someone wants to see our cams we have nothing to hide…so with that said back to my 1965 bottle of Pino…its sure goo stay safe over the holidays.

Carverofchoice cbartley99: Is there a way to contact you offline, personally? (I’m known to Wyze via other communications, not necessarily in these forums).