Securing Your TP-Link Account – Deco/Tether Two-Factor Authentication
Riley_S
Adding Two-Factor Authentication to Your Deco and Tether Apps
What is a TP-Link ID?
Your TP-Link ID is the account under which all your TP-Link, Tether, Deco, Kasa, and Tapo devices are registered. It is also the account you use to log in to any TP-Link app, website, or tool.
FAQ: What is a TP-Link ID, and How Do I Create One?
Your TP-Link ID is also used throughout our services, from warranty claims to community accounts. If you already have a TP-Link ID and have not done so, we welcome you to log in to our official community and claim a public username for use on the forum.
What is Two-Factor Authentication?
Two Factor Authentication places an additional layer of security on your accounts by requiring logins on unknown devices to provide a code sent to your email or to an already-verified device. Adding this extra step can prevent many unauthorized logins and allows you to control what devices are logged into your account. Learn How to setup 2FA for Kasa and Tapo in the following FAQs:
FAQ: How to Enable Two-Factor Authentication (2FA) in the Deco App
FAQ: How Enable Two-Factor Authentication (2FA) in the Tether App
Why Should I Enable 2FA for My Tether or Deco Apps?
Adding additional layers of security to your network should always be a key factor when managing your network, and two-factor authentication is an easy way to accomplish this. Adding 2FA to your accounts will prevent intruders or third parties from logging into your account/network without being approved with a 2FA code
Tether and Deco 2FA Methods
After enabling two-factor authentication, you will be asked to provide a 6-digit code whenever you log in from a new or untrusted device. Both a password and verification code will be required for logins from unrecognized devices. You are able to receive an authentication code through the following methods:
- Deco App Notification Delivered to Trusted Devices or
- Email Notification with Code
Manage Your Trusted Devices
Once a device has been logged in using 2FA, you can find a list of previously authenticated devices under Login Security > Trusted Devices. From this screen, you are free to remove a device from the list to remove access, and the device must be reauthenticated with 2FA.
HomeShield Subscriptions
If you subscribe to HomeShield for your network, your subscription is tied to your TP-Link ID and can be assigned to one of the networks managed by your TP-Link ID. If you need to transfer the Subscription to another router, you can do this from the HomeShield Subscription interface in the Tether and Deco Apps.
Owner and Manager Accounts for Deco
Through the Deco App, adding another TP-Link ID as a Manager to your network is possible. This will allow your other TP-Link ID to control aspects of your network, whether for the IT expert in your family or to provide assistance to your less technical family members.
FAQ: What’s the difference between an owner account and a manager account?
Comment
Hey Riley! I'm so happy the 2FA feature was finally added. There's one thing I've tried everything I can think of to do but I haven't been able to, so I decided it's time to ask for your help.
I realize if I login with two devices, I can delete one.
However, I use the same device 99% of the time. So there's only one device in the authenticated device list and it can't be deleted or at least I haven't been able to figure out to accomplish it. I'm asking because I want to be required to enter a code every time I login. Someone borrowed my identity (everything) therefore I use 2FA when it's available either by receiving a text or using a code generator as well as change passwords frequently.
• Is there a way to delete one device or possibly disable the trusted devices list?
Thanks in advance for any advice you may provide.
Respectfully,
Stephanie
Hey StephH,
I do not believe so. I think that there will always be one device in the list of trusted devices. Our 2FA is really meant to use another Tapo App for authentication via a notification, and email as a backup method in case you have no other Tapo apps available or have been logged out. From the way that the 2FA is setup, I have a feeling that you will always have one device that must be trusted to receive the 2FA notification.
I will see if I can forward a request to our security team to prevent the first device from automatically being considered a trusted device or an option forcing the 2FA with every login.
Hi Riley!
I actually rec'd an email notifying me you replied! I don't always receive the email notifications.
I appreciate your reply & willingness to check w/the team. I understand it's most likely not going to change however, I feel it never hurts to ask, the worst that can happen is you're told no.
I was thinking about this because on other apps/websites which 2FA is used, it's always required to enter a code every time you login. It's not a one time action on any app/website I use 2FA although I have seen a message on a few which gives you the option to skip it the next time you login. Your device could be compromised & you might not realize it.
One example - if you're going to login to your online banking app/website & your device is authenticated one time then it's compromised & you haven't realized it. Is that something anyone would want to happen?
I've been thinking about this based upon a couple of factors I know will be issues to be considered among various additional factors. I keep coming back to two possibilities:
- adding a toggle button to enable/disable a device from being considered a trusted device
- disabling the feature
The algorithm will have to be changed regardless.
The addition of a toggle button could cause more work as well as cost.
If it's disabled, it'll cause those who have enabled it to have to enter the authentication code every time they login (an additional step). There's a lot of people if they've already used a feature formatted in a specific way don't like change. But in certain instances, if they took the time to understand the reason behind the change they'd be grateful but I guess I should say should be.
In my opinion it boils down to the fact tech is evolving everyday as are those who work tirelessly to hack into networks and anything else they can.
Ultimately staying safe online is & should be of the utmost importance to everyone. The reason strong, effective VPNs were created & constantly being updated in order to strengthen the security of the platform.
Considering there's so many individuals who, just as we go to work everyday spend their days/nights trying to hack any network they can. You must be very diligent about exactly what you do online, including checking email & texts. I always told my kids that, now only my youngest who's in his last year of college, majoring in Computer Science & Mechanical Engineering. He's been building, designing, coding using the different coding languages (taught himself) since he was a Sophomore in High School). He's already been offered a job when he graduates for an international company headquartered in Austria to be over their IT department for its US facilities. They reached out to him by seeing his LinkedIn profile then looked deeper online to ensure nothing negative was found prior to contacting him this past April.
Hope you don't mind I shared the above info. It's just I know a lot of my friends who don't even think about the fact how easily they could be compromised when online. However, recently one of my friend's network was hacked. She opened an email which looked as it was sent by a friend (used the name), she clicked on a hyperlink & it began. She's still dealing with the reprucussions & will be for a while. I told her she needed to let her friend know what happened because her email has most likely been hacked.
It happened because she didn't notice one simple thing - the name wasn't spelled correctly.
Thanks!!
Respectfully,
Stephanie