SMS Two-Step Verification
uvjim opened this issue · comments
I enabled it. Doesn't break anything, just annoying.
You will get an SMS every rather than an email on every re-validate.
The SMS senderis shared with other stuff from Amazon (Amazon it self, Twitch and even 3rtd party), so can't be easily blocked.
@akrauze Yeah, the 2FA implementation is pretty poor (not working)
I can still arm and disarm my system with the pre-0.16.5rc0
version that doesn't exit on a bad pin.
Not an issue with blinkpy at all, it is Blink's REST API that has the bug.
Seems like they are only requiring the validated 2FA on some endpoints and not others.
Pretty bad security if you ask me.
auth = Auth({"username": "<USER>", "password": "<PASSWD>"}, no_prompt=True)
blink.auth = auth
blink.start()
time.sleep(5)
blink.auth.send_auth_key(blink, "1")
print(blinkapi.request_system_disarm(blink, '<NETWORK_ID>'))
Output:
{'id': 77274340, 'network_id': <NETWORK_ID>, 'command': 'disarm', 'state': 'new', 'commands': [{'id': 77274341, 'network_id': <NETWORK_ID>, 'command': 'config_lfr', 'state': 'running'}, {'id': 77274342, 'network_id': <NETWORK_ID>, 'command': 'config_lfr', 'state': 'running'}, {'id': 77274343, 'network_id': <NETWORK_ID>, 'command': 'config_lfr', 'state': 'running'}]}
Checked on the Blink Mobile app and it was set to Disarmed
Granted you need to know the login and password for the account, but still...
Great security Blink! /s
Yeah doesn't look like anything breaks with SMS verification so I'll close this