Multi Factor Authentication
Multi Factor Authentication
It's imperative that you add Multi Factor Authenication to the KASA platform. These cameras are placed in people's homes. We must be able to ensure our privacy and security are protected.
This hacks happen all the time. Please protect your customers.
https://www.nbc-2.com/story/41428183/stranger-spews-racial-slurs-over-familys-hacked-ring-camera
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Announcing Two-Factor Authentication for Kasa Users
Join the Conversation about Account Protection, and Other Layers of Security, or Ask the Community for Help @ Introducing Two-Step Verification
We have started to roll out two-factor authentication for our Kasa accounts. This means that, when enabled, a new device signing in with TP-Link ID will be asked to present a time sensitive verification code to protect your account from unauthorized access.
I have already created and published a new KB Article detailing how to Set up 2-Factor Authentication in the Kasa App. If you want to jump ahead and get registered, the instructions for sign up, if eligible, can be found here:
Enabling Two-Step Verification on the Kasa App
As a reminder, we are slowly rolling this feature out to our users by enabling the feature on your account in waves. The menu for Two Factory Authentication can already be found in the app, and will tell you if the feature has been enabled on your account yet.
- Copy Link
- Report Inappropriate Content
We have been discussing multi-factor authenication internally but do not have any time tables available or even if it will come to frutition. Much of the "Hacking" comes from people who use simple or common passwords or a password that is used over mulitple accounts and has been comprimised elsewhere. We recommend unique and complex password for your Kasa Account.
- Copy Link
- Report Inappropriate Content
@Carl is there any update on this at all? I updated on a separate thread for 2FA. It's imperative this is released, new breaches every day. 2FA is considered basic requirement at this point.
- Copy Link
- Report Inappropriate Content
No nothing that has been updated to us. Though truthfully we do not typically get updates on roadmaps from the Development teams until the feature is nearing launch. The last thing we want is for a feature to be discussed and said its comming or a specific date for release to be given and then plans change. For this reason support typically does not get updates until release dates have been made public. I can say we have disccuessed this but beyond that I do not have an answer on potential release dates or even if we are going to go to multifactor
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hello. I'm a web developer that specializes in building secure online credit card transaction systems. Plain and simple, this answer is unacceptable and laughable that someone thought this was an appropriate response, even if it is the truth.
2FA isn't something your company should be talking about - it's something that should have been implemented from the start. Your lack of security along with your very public response to the customer's question would be excellent evidence in a suit.
This isn't new technology. It's been around since 2008...sorry...1998! Two developers in my company built a 2FA system from scratch in a week. There's no excuse.
Not to mention that you've pushed out features like "Summary" and then rolled them back. Meanwhile, your tech support's solution to fix the newly absent Summary feature, was to upgrade my two cameras to the Premium Kasa Care plan...which I was already subscribed too. Embarrassing.
After this experience I just mentioned and reading your response describing your company's precarious approach to security, I've downgraded.
PLEASE TAKE MY ADVICE.
Stop all currently planned enhancements if that's what it takes. A complex password is not else secure unless we're talking about your Papa John's Pizza account.
You have great products - they're affordable and work almost flawlessly. But I'm afraid I'm going to have to start looking for an alternative if security isn't taken more seriously than this and the customer service and tech support experiences don't improve.
- Copy Link
- Report Inappropriate Content
We can undrestand the concern and everyone's opinions being made on this thread. The thing is we can't do much about it. This is a support based community. The only thing we are able to do is forward these concerns to our developmental teams and Project managers and hope that they will listen to the feedback. Yes, support agrees that two-factor authenication should be implemented, we are even pushing for it on the community to control the spammers and bots who are starting to plague the community, and we are doing what we can to ensure the teams know that we need it. In the mean time though all we canl offer are suggestions to ensure your account stays as secure as possible with the current levels of security, such as suggesting that you use a unique complex password. The reason "Hacking" was in quotes is because its not really hacking if someone gets comprimsed because of a simple or common password.
This thread will again be forwarded to the powers that be, but we aren't likely to get an meaningful update for a while.
- Copy Link
- Report Inappropriate Content
@Carl I really appreciate your candid reponse and your support for this feature. Is there any channel for us to be more directly heard by the decision makers?
- Copy Link
- Report Inappropriate Content
No they do not have any customer facing points of access. We send every request that support or the community forum recieves to them. If or when features are added and we are updated we will as best we can post an annoucment here highlighting those updates. At this time that is the best and really only option available to us.
- Copy Link
- Report Inappropriate Content
I couldn't agree more. I should have done more homework before buying a tp-link device. Had I known that 2FA was not possible I would certainly have chosen an alternative.
SL
- Copy Link
- Report Inappropriate Content
Still no multi-factor or even just 2 factor authentication (2FA) for TP-Link accounts? This happened to me recently and so I checked my TP-Link login account settings to see if I can enable 2FA. I can't seem seem to find any such feature. It's super dangerous to share a single login access data with the Router and other TP-link online accounts.
In my case, I use a super strong password. But that means nothing when hackers use Man-In-The-Middle (MITM) attacks or simply use other forms of attack to fool the user to give out their login information. TP-link needs to create and use a security feature that can somehow help strengthen the login functionality of online-enabled devices. If you check your Modem and/or Router's Log or even use a good hardware Firewall, you may realize having online presence is like living in a wild wild world.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 6
Views: 4298
Replies: 13