Huge Security Issue!

I just purchased 10 Indoor Cam 2k’s. I was impressed with the Doorbell cam and went all in. However, I am starting to have some regrets. First incident was signing up for my account in the App on my phone. The app assigned my password, as my display/username. I thought that was a fluke.

Until today, when I came here to post some questions. It again, through the web - in a browser on a computer - clear as day, assigned my password as my display name, as well as my name underneath. Clear text.

That’s a big problem. That tells me something isn’t encoded correctly, nor is it encrypted. Which leads me to question the security … of the devices put out for security to me and thousands of other people. What else is messed up that were not seeing?

1 Like

This is a huge issue that needs to be fixed immediately!! @AnkerSupport please comment on this. Obviously this is not good and needs a patch.

2 Likes

How do we change username?

Tap your name icon top right of page, then the gear.

Dear power user,
This is the App designer. Your privacy is something that we value as much as you do.
In eufy Security app design, the password for the login account is hidden under the dark spot default, which will be assigned only when our user choose to show it in the clear-text.
Would you mind helping us to make sure these two questions:

  1. If you met this on the login page?
  2. If you mean the password for the login account is clear-text?

It wasn’t hidden when I created my account. Nor was it hidden here. It was used as my name/username.

On your photo how can I get to this page where you can actually change your username?

Under Preference-Account I can change “Name, your full name (optional)” but I dont see Change Username like on your photo.

Preference then what?
I used Firefox browser and Brave same thing.

The author said:
First incident was signing up for my account in the App on my phone. The app assigned my password, as my display/username.

Also author logged into a web browser:
It again, through the web - in a browser on a computer - clear as day, assigned my password as my display name, as well as my name underneath. Clear text.

So how can we change our username in a web browser? I only can change Name but not Username.

I just looked, I cannot change it again. It won’t let me, only my name. So it must be a one time thing?

EDIT- I created a test account here, it let change the name and it’s still showing me the ability to change it. So I am really not sure.

So when a new user registers for a new account from Eufy Security app it seems the password was initially used as a Username. Now when logging into a web browser you can see it too but you can change your password but the username still shows the old password (the same one you first used to register from app).

So for new users right after they registered for a new user account from app:
THEY NEED TO CHANGE THEIR PASSWORD ASAP!

Did you register the THE TEST ACCOUNT for a new account from Eufy Security app? If so did the password show as username ?

I registered via the web. So yea, I think what happened is something in the app set my username as my password. I saw it immediately and changed it. However, even after it was changed, it did the same thing on the web when I logged in here for the first time. It’s not good, especially since everything is linked and that’s what controls access to my devices!

We really need 2FA!

1 Like

What did you change when you say:
“I saw it immediately and changed it.“?

I would have to set up another account through the app. I may do that with my test phone when I get home. It showed my account was made and my name in the app was my password. I believe that was what prompted me to freak and change it quickly. I used one of my generic passwords as I had a weird feeling due to the app quality.

I do hope Eufy looks into this and resolves it quickly. It’s bad coding. Real bad.

So when a new user registered for a new account from Eufy Security app the password was used as a Username.

Now when that new user logs into communitysecurity.eufylife.com from web browser he/she can clearly see the Username which is the password. Other people can see that person’s Username (password) when they read something posted by the new user.

From the web browser the Username can not be changed, and if you want to change PW there is not even an option under Preference-Account. You have to go to Eufy Security app to change PW.

So it is best to change the pw from Eufy Security app since communitysecurity.eufylife.com from web browser will not let you change the PW.

EUFY needs to have a fix on Eufy Security app to stop using PW as Username FOR NEW USERS REGISTERING FOR AN ACCOUNT.
AND
Make an option to change Username and PW from communitysecurity.eufylife.com using web browser.

Hey, sorry for the inconvenience. The reason for this may be that the nickname was entered into the password by mistake when you are registering on the APP, you can check if the input is wrong?
(the APP registration input box is Email-password-Nickname in turn, as shown below).

Currently you can modify your nickname in two ways:

  1. Via eufy security APP Account setting
  2. The personal center of the web-side community, as shown below
    image

In order to reduce user operational errors and improve the registration experience, we will improve our APP registration layout in later versions and adjust the nickname input position to the setting (no Nickname input is required during registration). If you have any usage problems, please feel free to contact our customer team via support@eufylife.com. :slightly_smiling_face:

You can modify your nickname in two ways:

  1. Via eufy security APP Account setting
  2. The personal center of the web-side community, as shown below
    image

So when a new user registered for a new account from Eufy Security app the password was used as a Username(I am not talking about “Nickname” from app nor “Name” from http://communitysecurity.eufylife.com/) when accessing http://communitysecurity.eufylife.com/.

Now when that new user logs into (http://communitysecurity.eufylife.com) from web browser he/she can clearly see the Username which is the password. Other people can see that person’s Username which is the password when they read something posted by the new user.

From http://communitysecurity.eufylife.com the Username can not be changed for some reason!
Also if you want to change your password there is not even an option under Preference-Account. You have to go to Eufy Security app to change password.

So since you can not change your Username and password from http://communitysecurity.eufylife.com it is best to change the pw from Eufy Security app since (http://communitysecurity.eufylife.com) from web browser will not let you change the Username and password

EUFY needs to have a fix on Eufy Security app to stop using password as Username for new users registering for an account.
AND
Make an option to change Username and PW from (http://communitysecurity.eufylife.com) using web browser.

So this isn’t actually an issue just an operator fault?
Someone assuming what to enter?

How many people have actually done this? 2?

1 Like

I won’t deny that I may have put my password into the field that says “Nickname” in light gray wording. In my mind (what I am used to) is enter email, password, CONFIRM password. Which I will point out, there is no confirmation password.

Poor design either way. Doesn’t excuse the possibility that I again, may have put the password in the Nickname field.

I hope they adjust/modify/change this in the future. Also add 2FA.

2 Likes