2FA Security is a joke (Update: went live on the website)

Caschy · July 6, 2020, 1:04pm

Update: 2FA on the website is live!

I’m excited about the cameras. But the security Eufy is putting on is a joke. So here’s a tip on how to get around the recently introduced two-factor authorization. The security measure is only valid in the app, on the eufy homepage (https://mysecurity.eufylife.com/) an attacker can still log in with user name and password, access cameras and videos and download them. This is very disappointing. Eufy, please fix this.

alexjiang · July 6, 2020, 2:06pm

Maybe eufy’s use of Flash on mysecurity.eufylife.com will deter those hackers with any self respect from penetrating a system deemed not worthy. So, yeah, not to worry at all.

Nrockx · July 6, 2020, 3:03pm

What? I wasn’t even aware of that website! I’ve bought the cameras only because of Homekit (which is still not here) and during signup I was never informed that there is a website to login to to see you videos online. And thats not even protected via 2FA? Are you kidding?
Now it looks like a bad investment more and more to me. No Homekit, no 2FA, no real local solution as we saw during the server downtime a couple of weeks ago.

jls4wheeler · July 6, 2020, 3:55pm

@Nrockx unfortunately yes it does appear that way

Eufy254 · July 6, 2020, 4:23pm

Wow, that’s such a glaring omission that it shows they still have a way to go in understanding basic product security.

Caschy · July 6, 2020, 5:37pm

THAT was fast. Checked it a few minutes ago - and now i have to enter my code!

Eufy254 · July 6, 2020, 6:06pm

Thanks for the update. Glad to see they fixed that

Hopefully 2FA goes worldwide soon!

JD2020 · July 6, 2020, 8:38pm

I also think that 2fa is a need and i would also suggest that have more than just sms maybe like google authenticator or something similar

Anthony_Thomas · July 6, 2020, 8:57pm

It blows my mind they decided to release a site using Flash when everyone was already well aware of the EOL approaching. I can’t even get the site to load my events, they all just give me an unspecified error and never load. Hopefully they revamp it soon.

I bought eight of these cameras to move away from hosting my own BlueIris server, but this webui might be enough for me to return them.

orlville · July 7, 2020, 3:00am

I’m either ignorant or euphy was use false advertising. Under impression that this isnt a cloud based security system but it certainly seems like it and now I’m finding out anyone cam hack into anyone’s cameras by useing a site I was unaware of. I purchased euphy because they said they were more secure than others amd operated differently. But euphy the same as others amd I may be returning.

alexjiang · July 7, 2020, 1:46pm

@Caschy I’m not yet seeing 2FA on mysecurity.eufylife.com for my US account. Are you in US?

Caschy · July 7, 2020, 2:22pm

I am in Germany.

munpip214 · July 16, 2020, 7:16am

I guess they save on bandwidth if no one uses flash and cannot view anything

Raeubervater · July 24, 2020, 12:36pm

2FA is active on my iOS apps. but signing in via the website is only 1FA - also from Germany here.

JD2020 · July 24, 2020, 7:02pm

I hope they fix this needs to be 2fa on the web portal for everyone everywhere

derDoc · August 10, 2020, 9:18am

I just ordered my 2C set but already created an account.

the iOS app has 2FA and works
Mac app didn’t sent a code by mail oder text so I can not login
website has no 2FA and I can login without a code

Based in Germany

EDIT: 2nd login on the website and the 2FA showed up!

JD2020 · August 26, 2020, 3:33pm

2fa is here in the USA now