Introducing Two-Step Verification (2FA) for the Kasa App

Introducing Two-Step Verification (2FA) for the Kasa App

Introducing Two-Step Verification (2FA) for the Kasa App
Introducing Two-Step Verification (2FA) for the Kasa App
2022-05-16 18:20:40 - last edited 2024-08-23 17:52:55

Announcing Two-Factor Authentication for Kasa Users

 

We have started to roll out two-factor authentication for our Kasa accounts. This means that, when enabled, a new device signing in with TP-Link ID will be asked to present a time sensitive verification code to protect your account from unauthorized access.

 

I have already created and published a new KB Article detailing how to Set up 2-Factor Authentication in the Kasa App. If you want to jump ahead and get registered, the instructions for sign up, if eligible, can be found here: 

 

Enabling Two-Step Verification on the Kasa App

 

As a reminder, we are slowly rolling this feature out to our users by enabling the feature on your account in waves. The menu for Two Factory Authentication can already be found in the app, and will tell you if the feature has been enabled on your account yet.

 

 

FAQ:

 

Will this affect other logins where I use my TP-Link ID?

  • No, our Two-Factor Authentication System is designed to only affect the Kasa Application at this point in time. If you would like to see this feature expanded to other products, let us know in the comments below. (EDIT: 2FA has been added to our Tapo App also)

 

Will this completely prevent unauthorized access to my account?

  • Unfortunately, there is no way of completely preventing unauthorized access to your account, on any platform. This is why we must add as many layers of security to our online accounts as possible.
  • The saying "It is only as strong as the weakest link in the chain" is especially true in this situation. For someone to log into your accounts, they must provide a verification code given by either a notification or email. It is important to consider how secure these platforms are and what other people have access to the information inside. For this reason, I recommend using two-factor authentication for any accounts that provide it as an option, such as your email account.

 

Fun Fact: You've been using a form of two-factor authentication your entire life and haven't even known it - Captchas - Those images are checking to see if you are a bot or not, and this is also a form of two-factor authentication that companies put into place to prevent automated attacks and to protect users alike.

 

 

Join the Conversation about Account Protection, and Other Layers of Security; or simply ask a question about the new feature.

 

  4      
  4      
#1
Options
10 Reply
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-05-16 18:33:12

  @Riley_S  

 

I would love to hear what other forms of two-factor authentication users have used in the past; what has worked, and what has not.

 

Most people nowadays are used to fingerprint readers and facial recognitions features. However, the use of authenticator codes are just beginning to hit the main stream. What do you think of these Authenticator Codes? (I personally would rather use a text message than finding an app)

 

I think that my favorite experience with two-factor authentication has to have been when Microsoft were first releasing facial recognition features for Windows, and I wired my Xbox Kinect up to my Windows PC in order to use their facial recognition login feature. If nobody knows what hooking a Kinect up to a PC looked like it wasn't great, my friends and I called i the octopus adapter, and it looked like this but with far longer cables. Fun project, but I think It only worked MAYBE once a week. Now we have the functionality in everyone's own phones and laptops.

 

b0c7abc483be49ed8eccc485a4842bfd

  0  
  0  
#2
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-06-24 19:21:54

  @Riley_S I'm a big fan of two-step verification so it's great to see TP-Link embracing it moving forward. I set it up for my account, but I was wondering if you have any plans to add support for the "Google Authenticator" method (the one with the QR code). Many password managers have added support for that method of verification and will even autofill it, making it very convenient while still being secure.

 

Thank you!

Any thoughts?

  0  
  0  
#3
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-06-29 16:57:28

  @Riley_S 

 

I just got the notification for the feature last week. Keep an eye out for this screen when opening the Kasa Application:


04da90ae10bd4c5fb92449196477921a

  0  
  0  
#4
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-06 03:57:26

  @gabe565 

sorry folks, im old school. I get the high security for Banking and things of that nature. To protect my switches and plugs, keeping it simple is the reason i love Kasa products. Scanning codes and 2 step verifications and long set ups is to me all backwards thinking. Make smart smart! Not every product should have fort knox security, especially for small home items. Thats why i stepped away from many products today. Lets not make modernizing our homes a full time job to constantly fill out and sign in to use! It should be effortless and only needed the first time for set up!

I talk my parents and kids through set ups, if you complicate things and it takes more time and effort it wont get used! The more it seems today we upgrade the less reliable things become. This is a huge problem now! KISS KEEP IT SIMPLE STUPID!

  0  
  0  
#5
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-20 20:23:42

  @Riley_S it's great that you're thinking about security with 2FA, but it's quite pointless when you cannot even do something basic like change the email address associated with your account. I cannot set it up, because I no longer use the email address I originally used, and cannot change it on my account...

  1  
  1  
#6
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-21 18:20:59

  @lowwhistler,

Thanks for bringing this back to our attention, I will add it to our feedback for this month and see if there have been any developments in the possibility of adding this feature. I know that this is potentially difficult for our engineers, due to the number of connected services that use TP-Link IDs.

As of now, you have to create a new ID, unbind the devices from your old account, and then log in with your new account. I know this is isn't the best solution, but hopefully, the development and engineering team will provide further information on the feature.

  0  
  0  
#7
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-27 16:46:03

  @Riley_S 2FA is a great step forward, however getting email notices about logins from an old version of the app, every 10 minutes, is a terrible user experience!

 

Since early this morning my inbox has been being spammed by TP-Link with an email stating:

 

"

Hi,

We noticed a login attempt from an old version of Kasa app on an unrecognized device. Since Two-Step Verification is enabled, you’ll need to update your Kasa app to the latest version to log in with a verification code.

If it wasn’t you logging in, someone may be trying to access your account. You can change your password to secure your account.

 

"

 

I have two phones (mine & my fiancee's) that are logged in as well as a Hubitat Hub. Mine (Pixel 5) has the app version of 2.38.1.1068 that was released Jul 12th, where as hers (Pixel 3) has the app version of 2.38.0.1066 that was released in June (with no update avail). My Hubitat has Kasa Hubitat Integration, Version 6.6.1 installed. 

  4  
  4  
#8
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-29 07:14:13 - last edited 2022-07-29 07:29:05

Hello  @NicFord1  Thank you for the feedback, we've shared for your feedback with our engineers for some investigation.

  • Make sure you have reset the tp-link account password after receive this  email. 
  • You may also enable Two-Step Verification (2FA) for your account to add another layer of security to your account.

 

May I know did you put in the TP-Link account and password when authorize the integration on third party software?  Is this your personal account, or did you share the account with others before besides your fiancée?  To investigate further,  we'd create a support email TKID220732014 to follow it up further, please check your email inbox. 

 

If any user experience similar concern, for security warning or any inquiries with account security, please try to reach our local support directly, so they could look into the case directly.Thank you very much for your understanding!

  0  
  0  
#9
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-07-29 18:33:19

  @Solla-topee I have gone ahead I replied to your email, but for reference, I'll post here as well.

 

So after I posted, I was looking into the Hubitat setup further & realized that it is using local connections (by IP address) rather than account login (it has been a while since I set it up, so I wasn't clear on details at the time). Thus, that wouldn't be causing the issue, as it knows nothing of the account. -- Details on Hubitat app here --> https://github.com/DaveGut/HubitatActive/blob/master/KasaDevices/

 
The TP-Link account is a personal account, only shared with my Fiancée (no one else). 2-Step authentication is already enabled on the account, with only our phones listed as trusted devices & appearing in the login activity sections of the Kasa App. I forget when I enabled it, but it was enabled well before the emails started -- as soon as I saw 2FA was available. I have not changed/updated the account password anytime recently. It is linked in both Google Home & Alexa as well, not anytime recently -- using the official TP-Link/Kasa skill/integrations.
 
~Nicholas
  2  
  2  
#10
Options
Re:Introducing Two-Step Verification (2FA) for the Kasa App
2022-08-01 03:03:39

  @NicFord1 Thank you for more case details, I believe that will be helpful for further analysis. We escalated your case and our senior will help assist further with your case via that support email TKID220732014 

  0  
  0  
#11
Options