persandstrom
Verisure 2 step verification auth
Hello,
I just received a email from verisure (from Belgium) about 2 step verification:
It sounds you can disable it, but I think it should be handled.
Information to users with a third-party integration to Verisure
Our system indicates that you are using a third-party integration to connect to Verisure functionality. If this is not the case, you can ignore this email. Otherwise, please continue reading.
Third-party integrations are not an officially sanctioned way to connect to Verisure. However, we hope that you are happy with the functionality provided through MyPages and Verisure app and will continue to use it. This email contains instructions for how to use third-party integrations together with 2-step verification.
Our goal is to keep our customers safe and secure. This includes maintaining a high security level for your Verisure account and reduce the risk of unauthorized access.
In the next couple of weeks, we will therefor introduce 2-step verification for all logins to MyPages and the Verisure app.
Once 2-step verification is enabled for your account, you will need a one-time code in addition to your username and password.
Preparation for 2-step verification
Please complete the following steps to prepare for 2-step verification.
Go to Account in MyPages to check that your registered phone number is correct.
Make sure that all users with access to your Verisure system have their own Verisure account.
If there are users who share accounts, please ask the system owner or administrators to create individual accounts for them. This is done under Users in My Pages.
It is very important to have individual accounts with the correct phone number for each user. It ensures that the verification code is sent to the correct user and device at login.
If your alarm system is connected to the Verisure Monitoring Center, it also makes sure that the Verisure first responders can reach you in case of an emergency. This is especially important if you use mobile SOS services such as Verisure Guardian.
How does 2-step verification affect third-party integrations with Verisure?
When 2-step verification is enabled, your connection through the third-party integration might stop working. Please note that if you disable 2-step verification, the risk of unauthorized access to your account is increased.
Follow these steps to restore the connection:
Log in to MyPages with your username and password. Enter the verification code when you receive it.
Go to Account and Subscription > Account > Login credentials > Disable 2-step verification
Follow the instructions to disable 2-step verification.
In order for us to get valuable input for potential future improvements for users that have a 3rd party integration to Verisure, we have created a short survey as part of the Disable 2-step verification steps.
Best regards
Verisure
Verisure in Sweden seems to have started to push for 2FA as well. This morning I received the same email from Verisure here in Sweden.
Supporting MFA in a cli command would be quite straight forward. But what about services using this package?
Do we have a good understanding about the session (cookie) TTL? Will it ever expire?
I noticed that the new auth flow will return a JWT. Have anyone been able to refresh the token?
"In order for us to get valuable input for potential future improvements for users that have a 3rd party integration to Verisure, we have created a short survey as part of the Disable 2-step verification steps."
I think this is maybe the most interesting part in their move. Seems they are now leaning towards an acceptance for 3rd party integrations. Maybe this has changed with the current owner. Maybe they realize & understand that the way forward is to provide a solution open for integrations. With the previous owners, the founders, I felt they did not have any ambitions in this direction. But with the massive competition on the market, open standards etc etc I think you have to have an open solution if you shall survive in the long term. I have had an integration with Verisure for many years now, earlier with my own python script until I one day found Per's wonderful contribution where we are now. What I did early in the beginning when I started, I sent a mail to them and explained what I did so I never got any complaints later either about polling too much
Anyway, I have not answered the survey but I think it would not be such a bad thing to have a discussion here about what features we all see would be nice to have. Maybe we could develop a consolidated list?
Some I think of
- a documented api
- support for push notifications
- using MQTT
Best regards, Walter
Some progress in documenting the JWT flow here: https://github.com/ptz0n/homebridge-verisure/discussions/107
The full MFA flow is now documented with a suggested solution up for discussion: https://github.com/ptz0n/homebridge-verisure/discussions/107
@dulemis If you get, store and use your vid cookie, you don't have to login. The Homebridge plugin provide a tool for obtaining this cookie for users with MFA.
Yes, thats fine if you use Homebridge.
But assume a setup where you just use simple a python script. How shoud you then treat and handle this? I think we are many users having just a home brewed script so it would be really great if we could get a kind of guidance with the necessary steps or a sample simple python script that can handle the 2 step verification with the cookie handling
Thanks to @ptz0n's great work I will be able to have something ready in a not too distant future. If you are interested in progress or testing for yourself have a look at the mfa branch.
This version has a new mfa command . python -m verisure [user] [passwd] mfa which will request a verification code which you enter in command line. After that you should be able to run as usual. I have hardly tested myself yet, so no promises that it will work :)
I have created a new version (1.8.0) that supports MFA, please try it out and report back to me if it does not work as expected
I have created a new version (1.8.0) that supports MFA, please try it out and report back to me if it does not work as expected
Hi Per,
It seems to work on my Python3 system, but not on Python2 (i know its deprecated, but if its an easy fix..?)
Enter verification code: XXXXXX
Traceback (most recent call last):
File "/usr/local/bin/vsure", line 8, in
Thanks for reporting @dulemis, I have fixed that now (version 1.8.1)
I upgraded and tried again, but get the same error.
Thanks for reporting @dulemis, I have fixed that now (version 1.8.1)
I upgraded and tried again, but get the same error.
That's strange. Same row number as well?
File "/usr/local/lib/python2.7/dist-packages/verisure/main.py", line 229, in main
Enter verification code: w4fll2 Traceback (most recent call last): File "/usr/local/bin/vsure", line 8, in sys.exit(main()) File "/usr/local/lib/python2.7/dist-packages/verisure/main.py", line 236, in main code = read_input("Enter verification code: ") File "/usr/local/lib/python2.7/dist-packages/verisure/main.py", line 40, in read_input return input(text) File "", line 1, in NameError: name 'w4fll2' is not defined
It works fine on my machine ;)
can you try to open a python terminal and type __builtins__.raw_input("test: ")
# python Python 2.7.3 (default, Mar 14 2014, 12:37:29) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or "license" for more information.
builtins.raw_input("test: ") test:
This is strange indeed. The code test if __builtins__ has an attribute called raw_input which you prove with with the test that is does, the same thing is done in the verisure script but the result differs. The next test you could do is to edit the installed file /usr/local/lib/python2.7/dist-packages/verisure/__main.py__ and replace line 40 to use raw_input instead of input. Maybe you can open a new issue since it seems to be a bit tricky.
/usr/local/lib/python2.7/dist-packages/verisure/__main.py__and replace line 40 to useraw_inputinstead ofinput.
Had the same problems as dulemis, this worked for me.
