Arlo Will Make Two-Factor Authentication Mandatory Later This Year
You would expect that companies whose business is to sell security products would themselves implement good security practices but reality is often stranger than fiction. There are times when they themselves are prone to be compromised or, worse, leave their customers unprotected. These days, passwords or PIN codes are no longer enough and two-factor authentication or 2FA has become the most-advised second defense against hackers. Fortunately, Arlo will be making that system a requirement for all its users before 2020 is over.
To be fair, Arlo already supports what is called two-step verification for its accounts, except that it's optional and you actually have to know it exists. What's changing is that it will soon become required for all Arlo accounts and the company is advising its users to enable it sooner rather than later.
Arlo customers have three (really two) options when using two-step verification. The first one is the most convenient but requires that they have already set up their account on another iOS or Android phone. If that's the case, you will be sent a push notification that you can accept or reject to authorize the login.
The other option uses the common one-time password or OTP sent to SMS or email. Using SMS is pretty much frowned upon because of its insecurity and some might compare it to having no 2FA at all. Unfortunately, Arlo doesn't support using authenticator apps but it isn't alone there as neither Ring nor, ironically, Nest does either.
Given how smart home security systems are of interest to both hackers and some authorities, it might be a good idea to enable 2FA now rather than wait for the end of the year. Registered Friends don't have to wait either as they can enable 2FA on their own accounts independent of the main account owner.