Turn Off 2-Factor Authentication

@davey_d​ 

Thanks Davey. I set that up. It is a bit non-obvious that you can do that. In most 2FA systems adding another factor means adding a different factor, as in a SecurID, Fingerprint reader, FaceID, etc. It normally does not mean another of the same type, just with a different configuration. But, now that I know, it is easy to set up. Thanks!

@captain11​ Unfortunately you can not turn off 2FA in the app. If I go to where you define it just lets me change the number that SimpliSafe calls for 2FA. If you try and delete it the app says that you must have at least one authentication method. If you try and add an authentication method it says that phone is the only one supported. So there is no way to remove 2FA and just use UID/Pass (aka 1FA).

I am not against 2FA in fact I am happy they support it. The problem is that they only allow one account, so everyone in my home who needs to use the app must share that one account (one UID/Pass). Hence when SS does its 2FA by texting my phone, it always texts MY PHONE, not my wife's phone. So if she wants to look at the cameras and it asks for 2FA, she has to text me wherever I am, and I have to send her the pin, so she can then get into her own application. That is just flat out broken. SS needs to fix that, it is a bug in their design. They should allow us to turn off 2FA until they can get multi account done right. 

@captain11​ I really wouldn't say that, captain. We were very careful in our choice of authentication system, to meet very strict adherence to industry standards. Not going with a third party app also means that we're not dependent on those external services.

But yes, as I understand it, 2-Factor Authentication is now required.

You definitely have to fix this. Every time I get an alert, I grab my phone and have to go through the sign in and authentication process and THEN I GET TO SEE THE EVENT AFTER IT ENDED!!  at least allow facial recognition or something that keeps my and my wife’s phones connected without interruption. No more 30 days BS.  Otherwise this is NOT a security system, it’s YouTube. 

@davey_d​ Respectfully, 2FA via SMS is not secure in my, and many others, opinion. Further, using SMS for 2FA is the easy, and less expensive way. I also do not see a risk supporting 3rd party authentication apps. We agree to disagree on this one.

Respectfully, 2FA via SMS is not secure in my, and many others, opinion. Further, using SMS for 2FA is the easy, and less expensive way. I also do not see a risk supporting 3rd party authentication apps.

Mark your calendars people, Captain11 and I wholeheartedly agree on something w/o reservation! :)

@davey_d  You mentioned "in accordance with industry standards" earlier but most IT Security folks will tell you that SMS is better than no 2FA at all but far worse than any of the many commonly available authenticator apps like Google Authenticator. (Some IT Security folks will tell you that using SMS for 2FA is worse than nothing as it imparts a false sense of security!) I'm hoping that the only reason you're sticking with SMS now is because you don't yet have multiple accounts implemented. Please please please make sure your product managers and developers know that we want OTP authenticators as an option in the future. You're a security company and you all should offer higher levels of security. (Even OnlyFans offers 2FA via authenticator app! :P )

@zimerclan​ Due to the fact the code can only go to the main account owner, it does make 2FA not work for many, and the previously mentioned SMS process is hardly bulletproof.

@zimerclan​ Multi-Factor Authentication is an essential part of keeping your account secure. But you can set it up to send the confirmation codes to other phone numbers - so you don't need to be the middleman during logins. We have the step-by-step here.