

Garmin: Allow Users to Opt-Out of Mandatory 2FA/MFA After Disabling the ECG App
The Issue
Garmin currently enforces permanent, un-deactivatable Two-Step Verification (2FA/MFA) on any user account that has ever activated the Electrocardiogram (ECG) app. While we understand and respect Garmin's commitment to securing sensitive medical data under privacy regulations, the current implementation offers zero flexibility for users who no longer wish to use the ECG feature.
Even if a user sells their watch, factory resets their device, deletes their health history, or explicitly chooses to opt out of the ECG feature, Garmin permanently locks their account into mandatory 2FA.
Why This Is an Issue
- Disrupted Ecosystems: Permanent 2FA breaks critical third-party smart home and fitness integrations (such as Home Assistant or custom API scripts) that users rely on daily.
- Inconvenience: Users are forced into a frustrating loop of authentication prompts across multiple web browsers and mobile devices for an app they no longer use.
- Lack of User Autonomy: Forcing users to delete their entire Garmin history and create a brand-new account just to regain standard security preferences is an unacceptable customer service barrier.
Our Request
We, the undersigned Garmin users, petition Garmin to update its account privacy infrastructure to allow an explicit opt-out process.
If a user explicitly agrees to disable the ECG app, opt out of the feature, and purge their stored ECG data from Garmin Connect, Garmin should automatically restore the option to toggle Two-Step Verification "OFF" within their Account Security settings. Security should protect the user, not trap them.
3
The Issue
Garmin currently enforces permanent, un-deactivatable Two-Step Verification (2FA/MFA) on any user account that has ever activated the Electrocardiogram (ECG) app. While we understand and respect Garmin's commitment to securing sensitive medical data under privacy regulations, the current implementation offers zero flexibility for users who no longer wish to use the ECG feature.
Even if a user sells their watch, factory resets their device, deletes their health history, or explicitly chooses to opt out of the ECG feature, Garmin permanently locks their account into mandatory 2FA.
Why This Is an Issue
- Disrupted Ecosystems: Permanent 2FA breaks critical third-party smart home and fitness integrations (such as Home Assistant or custom API scripts) that users rely on daily.
- Inconvenience: Users are forced into a frustrating loop of authentication prompts across multiple web browsers and mobile devices for an app they no longer use.
- Lack of User Autonomy: Forcing users to delete their entire Garmin history and create a brand-new account just to regain standard security preferences is an unacceptable customer service barrier.
Our Request
We, the undersigned Garmin users, petition Garmin to update its account privacy infrastructure to allow an explicit opt-out process.
If a user explicitly agrees to disable the ECG app, opt out of the feature, and purge their stored ECG data from Garmin Connect, Garmin should automatically restore the option to toggle Two-Step Verification "OFF" within their Account Security settings. Security should protect the user, not trap them.
Petition Updates
Share this petition
Petition created on June 5, 2026