Making Your Account More Secure: Introducing Two-Step Verification (2FA) for the Tapo App
What is Two-Step Verification?
Two-Step Verification (also called two-factor authentication or ‘2FA’) is a security feature on the Tapo APP that helps add an extra layer of security to your account. With Two-Step verification enabled, a new device that signs into the app with your TP-Link account information will be asked to enter a time-sensitive verification code to protect your account and prevent unauthorized access.
How to Set up Two-Step Verification
You can enable this feature from the Tapo Application. From ‘Me’ page, tap the Account Icon in the top left > Login Security> Toggle ON Two-Step Verification .
How does Two-Step Verification work for the Tapo APP?
1. When enabling two-step verification for the first time, it will require you to verify your account through your email.
2. After Two- Step Verification, new devices attempting to log in will have to verify using one of the methods specified below:
- APP Verification (Default Method) : Verify by App Notification. A Verification Code will be sent via a Tapo app notification to Trusted Device(s). Enter the code on the new device to verify the new device.
Note: Ensure that the Notification permission has been enabled on your phone to use this feature.
- Email Verification (Alternative method): Verify by Email. A Verification Code will be sent to your Email Registered to your TP-Link Account. Sign in your email to view the code. Enter this code on the new device to verify the new device.
Q1. How to turn off Two-Step Authentication?
From ‘Me’ page, tap the Account Icon in the top left > Login Security> Then tap the Two-Step Verification ON/OFF toggle
Note: Set Two-Step Verification ‘ON’ is highly recommended to enhance security level to your account.
Q2. Will Tapo APP ask a Trusted Device to go through Verification before logging in again?
No, a Trusted Device could skip the 2FA step when sign in your account without entering a verification code.
Q3. How to remove a device from Trusted Devices? How to manage the Trusted Device?
From ‘Me’ page, tap the Account Icon in the top left > Login Security > Trusted Devices> then tap the ‘X’ on the side of the device you would like to remove.
Note: Once a device is removed from Trusted Devices list, that device will be force logged out, and need a verification code next time log into the APP.
Q4. Why my device shows a different location in Login Activity?
Device location there is based on the IP address from Internet Service Provider and that may not align with the device real location, we do not use the GPS location of the device to determine location. If using a cellular connection, the app may indicate that a new device has logged in from far away.
1. What should I do if I didn’t get the 2-Step verification code in my email inbox?
1) First, check your Spam or Junk folder.
2) Next, ensure that you are using the correct email account. From the ‘Me’ page, hit the Account Icon in the top left.
3) Add TP-Link email address ' firstname.lastname@example.org ' into Whitelisted email senders or Safe Senders as this FAQ
4) Contact our Support using the Same Email Account that you are trying to enable two-factor authentication for and please provide the following information:
a. TP-Link ID/ Email account
b. Tapo APP version
c. Photos of Two-step verification Setup – Under My Account > Login Security
d. The model of your Mobile Device & Android or IOS version.
2. What should I do if I did not receive a mobile notification with the code?
- Enable Notification permission for Tapo APP on the phone. Device should be able to get notifications from Tapo app properly.
- Tap ‘Resend’ to resend verification code.
- Ensure sure your phone is connected to the internet.
- Ensure that your Tapo APP is up to date.
- Tap ‘Did not receive a code?’ on the bottom > Receive Code via Email> tap Send Code
3. What if I receive a Verification code but my new device didn’t try to sign in?
If you receive a verification code but you do not recognize the device that sent the request, there is a chance that your account password has been compromised – but do not worry, the unrecognized user will be unable to login without the code provided by either your email or notification to another trusted device.
We recommend immediately changing your account password and changing any other services that may use the same password. You can mitigate the chances of this happening to you by following these principles:
- Create a Strong Password with a Mix of Numbers, Letters, Capitals, and Symbols
- Do not Reuse the same password across multiple platforms
- Use a password generator and manager