Multi Factor Authentication

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Multi Factor Authentication
Multi Factor Authentication
2019-12-12 21:33:00 - last edited 2022-05-16 18:39:55
6
6
#1
Options
1 Accepted Solution
Re:Multi Factor Authentication-Solution
2022-05-16 18:39:41 - last edited 2022-05-16 18:39:44

 

Announcing Two-Factor Authentication for Kasa Users

 

Join the Conversation about Account Protection, and Other Layers of Security, or Ask the Community for Help @ Introducing Two-Step Verification

 

We have started to roll out two-factor authentication for our Kasa accounts. This means that, when enabled, a new device signing in with TP-Link ID will be asked to present a time sensitive verification code to protect your account from unauthorized access.

 

I have already created and published a new KB Article detailing how to Set up 2-Factor Authentication in the Kasa App. If you want to jump ahead and get registered, the instructions for sign up, if eligible, can be found here: 

 

Enabling Two-Step Verification on the Kasa App

 

As a reminder, we are slowly rolling this feature out to our users by enabling the feature on your account in waves. The menu for Two Factory Authentication can already be found in the app, and will tell you if the feature has been enabled on your account yet.

 

  @Ben-Page 

Recommended Solution
3
3
#14
Options
13 Reply
Re:Multi Factor Authentication
2019-12-13 19:11:52

@Ben-Page 

 

 

We have been discussing multi-factor authenication internally but do not have any time tables available or even if it will come to frutition.  Much of the "Hacking" comes from people who use simple or common passwords or a password that is used over mulitple accounts and has been comprimised elsewhere.  We recommend unique and complex password for your Kasa Account. 

0
0
#2
Options
Re:Multi Factor Authentication
2020-01-11 08:40:28

@Carl is there any update on this at all?  I updated on a separate thread for 2FA.  It's imperative this is released, new breaches every day.  2FA is considered basic requirement at this point.

1
1
#3
Options
Re:Multi Factor Authentication
2020-01-14 22:48:26

@synack2021 

 

 

No nothing that has been updated to us.  Though truthfully we do not typically get updates on roadmaps from the Development teams until the feature is nearing launch.  The last thing we want is for a feature to be discussed and said its comming or a specific date for release to be given and then plans change.  For this reason support typically does not get updates until release dates have been made public.  I can say we have disccuessed this but beyond that I do not have an answer on potential release dates or even if we are going to go to multifactor 

0
0
#4
Options
Re:Multi Factor Authentication
2020-01-23 18:20:31
it doesn't matter that the "hacking" (not sure why you used quotes there) comes from people who use simple passwords. I've learned in my career as an IT professional that if you make security optional, MOST people aren't going to turn it on by default. you kind of have to spoon feed essential features to people for them to use it. not having 2FA is the reason why I'm going to be getting rid of my Kasa equipment in the very near future.
2
2
#5
Options
Re:Multi Factor Authentication
2020-01-26 01:51:36

@Carl 

 

Hello. I'm a web developer that specializes in building secure online credit card transaction systems. Plain and simple, this answer is unacceptable and laughable that someone thought this was an appropriate response, even if it is the truth.

 

2FA isn't something your company should be talking about - it's something that should have been implemented from the start. Your lack of security along with your very public response to the customer's question would be excellent evidence in a suit.
 

This isn't new technology. It's been around since  2008...sorry...1998! Two developers in my company built a 2FA system from scratch in a week. There's no excuse.

 

Not to mention that you've pushed out features like "Summary" and then rolled them back. Meanwhile, your tech support's solution to fix the newly absent Summary feature, was to upgrade my two cameras to the Premium Kasa Care plan...which I was already subscribed too. Embarrassing.

 

After this experience I just mentioned and reading your response describing your company's precarious approach to security, I've downgraded. 


 

PLEASE TAKE MY ADVICE.

Stop all currently planned enhancements if that's what it takes. A complex password is not else secure unless we're talking about your Papa John's Pizza account. 
 

You have great products - they're affordable and work almost flawlessly. But I'm afraid I'm going to have to start looking for an alternative if security isn't taken more seriously than this and the customer service and tech support experiences don't improve.

2
2
#6
Options
Re:Multi Factor Authentication
2020-01-27 18:20:48

@jneate @chabotna 

 

We can undrestand the concern and everyone's opinions being made on this thread.  The thing is we can't do much about it.  This is a support based community.  The only thing we are able to do is forward these concerns to our developmental teams and Project managers and hope that they will listen to the feedback. Yes, support agrees that two-factor authenication should be implemented, we are even pushing for it on the community to control the spammers and bots who are starting to plague the community, and we are doing what we can to ensure the teams know that we need it.  In the mean time though all we canl offer are suggestions to ensure your account stays as secure as possible with the current levels of security, such as suggesting that you use a unique complex password.  The reason "Hacking"  was in quotes is because its not really hacking if someone gets comprimsed because of a simple or common password.  

 

This thread will again be forwarded to the powers that be, but we aren't likely to get an meaningful update for a while. 

0
0
#7
Options
Re:Multi Factor Authentication
2020-01-31 01:25:00

@Carl I really appreciate your candid reponse and your support for this feature. Is there any channel for us to be more directly heard by the decision makers?

0
0
#8
Options
Re:Multi Factor Authentication
2020-01-31 15:28:28

@Ben-Page 

 

No they do not have any customer facing points of access.  We send every request that support or the community forum recieves to them.  If or when features are added and we are updated we will as best we can post an annoucment here highlighting those updates.  At this time that is the best and really only option available to us. 

0
0
#9
Options
Re:Multi Factor Authentication
2020-09-27 12:11:50

@Ben-Page 

I couldn't agree more. I should have done more homework before buying a tp-link device. Had I known that 2FA was not possible I would certainly have chosen an alternative.

SL

0
0
#10
Options
Re:Multi Factor Authentication
2020-10-07 04:45:04 - last edited 2020-10-07 04:54:27

Still no multi-factor or even just 2 factor authentication (2FA) for TP-Link accounts? This happened to me recently and so I checked my TP-Link login account settings to see if I can enable 2FA. I can't seem seem to find any such feature. It's super dangerous to share a single login access data with the Router and other TP-link online accounts. 

 

In my case, I use a super strong password. But that means nothing when hackers use Man-In-The-Middle (MITM) attacks or simply use other forms of attack to fool the user to give out their login information. TP-link needs to create and use a security feature that can somehow help strengthen the login functionality of online-enabled devices. If you check your Modem and/or Router's Log or even use a good hardware Firewall, you may realize having online presence is like living in a wild wild world.

0
0
#11
Options