Smart home security company Arlo is now preparing to require its users to set up two-step verification (2SV) on their accounts by the end of 2020. That's based on emails reportedly sent out by the company informing users of the change. While the timeline is not definitive, the email "strongly" encourages users to turn the feature on now.
For clarity, the 2SV options in question are already available in the app and via the web interface. They are intended to help users secure their accounts by adding in extra verification requirements before sign-in is allowed. The features were added alongside a new Arlo app last year in September.
Arlo users can choose how their two-step verification works
Arlo, as per reports stemming from the company's help pages, is giving users three options for two-step verification. Those can be split into two categories — push notifications and messages. Those will appear any time a user logs into their Arlo account on a new device.
The former category, push notifications, is self-explanatory. Namely, when a log-in happens, Arlo utilizes those to send a notification to another device. That's going to be a device that's designated as "trusted" or that's currently logged in. Typically that applies to Android or iOS devices and tapping on the notification allows users to allow or deny login.
Push notifications will likely be the most secure route too. It's relatively easy for a would-be attacker to spoof and intercept messages. It requires far more effort to spoof a trusted device. Using push notifications requires access to the Arlo app on a mobile device. The option can't be used via desktop.
Arlo offers up two options for message-based 2SV. Specifically, that's via SMS text message or via Email. In either case, on a new login, Arlo sends a message with a security code that needs to be entered to access the account.
Secondary users, set up as a "Friend" on Arlo products , will be able to set up their own 2SV separate from the primary account holder.
How do you set up 2SV on desktop or from mobile?
Setting up two-step verification for Arlo is straightforward, though it differs slightly depending on whether a mobile device or the desktop website is used. In both cases, the Arlo account email is set up as an automatic backup to the option chosen.
On mobile devices, users will need to launch the app and then navigate to settings, then their profile, and then login settings. The two-step verification option is found under those settings and can be activated via a switch. From there, users need to select the option they want with regard to the type of 2SV used. The app will walk users through the rest of the process.
For desktop users, they'll need to navigate to the "my.arlo.com" website and click or tap on settings and then profile. Two-step verification is found on that page. As on mobile, users will need to flip a toggle to turn it on. 2SV via SMS is the only available as an option for desktop users.
Once those steps are followed, 2SV will be turned on across the user's smart home security environment.