Smart security company Arlo is finally joining the ranks of Amazon's Ring and Google's Nest in requiring users of its products to go through two-step verification in order to authenticate access to their account. But when it comes to options for that second step, they may tally up a bit short for some people.
Arlo has had what it calls two-step verification as an optional security measure for its Android app since September, but account holders were notified that it would soon become a requirement via email. The message, in its original formatting, reads in part:
Two-step verification is an added layer of account security to verify that it's really you, even if someone knows your password. By the end of the year, Arlo will require all users to enable two-step verification. We strongly encourage you to enable this feature now for added security.
A hyperlink later on in the message sends readers to this FAQ page about setting up 2SV — in the Arlo app's settings, go to Profile, then Login Settings, then enable Two-Step Verification. If you're enrolled as a Friend to an Arlo account holder's network of products, you are able to set up 2SV for your own credentials independent of the owner.
When you log into your Arlo account on a new device, you'll have a choice between verifying a push notification on a device that was previously used to login or getting a one-time code through email or SMS. Security experts do not recommend SMS verification as malicious actors can easily hijack your phone number to receive the code.
If you're not happy with the lack of authenticator app support here, you should know that Nest and Ring also don't have it. The two companies started mandating two-factor logins last month — Ring's policy was enacted immediately while Nest's will come online sometime in Q2. However, neither service offers the push notification step that Arlo does.