Security & Trust

The communication requests between your mobile device, your Wyze product, and the AWS Cloud Server are made via https (Transport Layer Security (TLS)) for Event videos.

We use symmetric and asymmetric encryption, consistent hashing, and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the security of the live stream and playback data.

During the connection process, every device in the process has its own secret key and certification, so that we can validate their identity during handshake. Even if a hacker intercepts the data package, the data cannot be decrypted.

With Wyze Cam, users can view camera videos using two methods: live streaming and recorded videos. Streaming is encrypted during transfer from device to phone. Camera videos are transferred under a secure channel from device to Wyze Cloud (ingestion) and from Wyze Cloud to phone (digestion).

Wyze employees do not have the ability to view a user’s camera’s live feed. This is because we use a P2P live streaming solution, which establishes a direct connection between the phone and the camera. While this is a technical solution to privacy, we also have a policy at Wyze prohibiting employees from viewing live streams.

Event videos, which are videos recorded when motion or sound is detected, are securely uploaded to the Wyze AWS server. From here, the video only would be accessed with permission from executive-level Wyze managers in extremely rare or severe cases, such as if Wyze were to be presented with a court subpoena. No other Wyze employees have access to these videos.

Creating a strong password is the first line of defense while you’re registering (or updating) your Wyze account. We recommend a password with a combination of uppercase and lowercase letters, numbers, and symbols. You can also use a password management tool to help use unique passwords for different websites and accounts.

When choosing a password, avoid using personal information like birthdays, first and last names, and well-known words or phrases from movies, shows, books, or music. Sequenced numbers (12345) and letters (abcde) are also easier for hackers to crack, so avoid using these as well. Change your password often, but be sure that it’s unique and not recycled.

Consider intentionally misspelling words by substituting numbers and letters with symbols to make it more complicated for a hacker to guess. For example → f0R_3x@mP1e!. Be aware that some symbols will be more difficult to enter using a smartphone.

Two-factor authentication is a method of securing your account with a secondary authentication token, or code. This secondary token is generated after you enter your email and password, and is a requirement to sign in as long as 2FA is enabled on your account.

There are two secondary authentication methods available:

• Text message (SMS): Sends a text to your phone containing the associated key or code.
• Authenticator app: Pairs to your account, then continually generates codes on a short timer which act as the needed key.

In the Wyze app, tap Account > Security > Two-Factor Authentication. Then tap Verification by SMS (text message), and follow the prompts to add and verify your phone number.

Once SMS 2FA is enabled, you must enter the verification code sent by SMS to your primary (or backup) phone number when logging into your account.

In the Wyze app, tap Account > Security > Two-Factor Authentication. Then tap Verification by Authenticator app, and select the authentication app you prefer.

Copy the key generated from the Wyze app and paste it into your selected authenticator app. Verify the 6-digit code generated by entering it in your Wyze app. Make sure you save the recovery code shown at the end of setup.

Once TOTP 2FA is enabled, you must enter the time-sensitive verification code displayed in your authentication app when logging into your account.

Never share your Wyze account credentials with anyone you do not trust completely with your account. If you do, they’ll be able to access and change your details - even your password - without your permission.

Instead, ask your friends and family to create their own free Wyze account so you can share devices with them without compromising your login credentials. For more information on the Sharing feature, check out How to Use Sharing.

Note: Wyze employees will never request your password under any circumstances.

Outside the app, Wyze will only contact you using the following official channels:

• @wyze.com
• @support.wyzecam.com
• @forums.wyzecam.com

If you reach out to Wyze, there will be circumstances when an employee may request information to help with your case.

Wyze employees may ask for:

• You to send us an email from the email address associated with your Wyze account
• A screenshot of the in-app Device Info screen to verify IP/MAC or a photo of the sticker on the device
• Recordings or screenshots of product pages, or sample video recordings to help troubleshoot visual and audio issues
• Your shipping address for returns, replacements, and sending out testing units

Wyze employees will never ask for your:

• Full credit card number (we only may ask for the last 4 digits)
• Wyze account password
• Social Security Number (SSN)