Two-factor authentication should offer to "remember" a device

This post is in response to my own post from a few hours ago and the same sentiment from another user on Nov 30.

The authentication system used by Wyze at “auth.wyze.com” (for forum, web view of cams, etc.) is secured with two-factor authentication, which is good.

What isn’t the best is that every time I log in using it, I must enter my two-factor auth code, even on personal devices that I am confident are secure and entirely under my supervision.

Most sites protected by 2FA will offer a checkbox on the auth code entry page like “don’t ask for a code again on this device”, so that the user can optionally suppress the 2FA requirement in the future on a per-device basis (via storage of cookies, I presume).

I would like Wyze to implement this basic feature so that I am not forever running to my google authenticator to get into my account on my personal PC.

Sure, but don’t forget they may not really want to make this TOO convenient to use regularly (even though it is a paid subscription-only feature). Wyze is reportedly charged every time the web viewer gets used.

TBH, the current implementation of web view seems really ill-conceived. When I use it to view my camera 10 feet away from me, it’s sending its video stream across the internet to be processed by AWS servers before being relayed back to my web browser. What a waste of bandwidth and cloud resources.

Doing it this way is definitely going to cost Wyze a TON of money and I’m just not sure why it had to be like that. It also highlights the fact that everything your camera sees, someone far, far away might be seeing, and permanently recording, too. Hmm.

2 Likes

There has been tons of discussion in the big thread but I don’t know why Wyze didn’t just license the available WebRTC based P2P functionality from TUTK / ThroughTek since they already rely on them for the phones.