Ask HN: Team now works remotely, what to do with office phone for 2FA?
Our team is working remotely now, we have an office mobile phone for two-factor authentication and some other calls. If somebody takes the phone home with them, then they have to be available to receive a call or an SMS if another person logs in to a service that requires two-factor verification. Are there software solutions for this problem? Ideally would like to leave the phone at the office and somehow every employee can remote in to the device to check for SMS.
16 comments
[ 5.5 ms ] story [ 52.4 ms ] threadFor example we reduced the number of users in our Salesforce instance to 1 user per department and this is saving us approx 30000EUR per year which for our small cash strapped startup is significant.
SMS is a bit trickier:
* there are Android apps that claim to be able to sync messages with desktop computers (equivalent of Apple's seamless iMessage between iOS and macOS) so might be worth to put the SIM in an Android phone and then give these solutions a try.
* alternatively you can put the SIM in a mobile data dongle and talk to it using AT commands (it should present itself as a serial port) to get/send SMS. Make a little script around that, leave it on the machine and have your people SSH into it.
* if possible, port the number to Google Voice or similar.
Don't port 2FA to any virtual phone number. Most sites accept those numbers but refuse to send any SMS to them, thereby locking you out of your account.
That being said, a “shared” second factor is not a good idea and neither is the use of SMS as second factor. This is because an attacker could use a sim swap attack or a S7 attack. Also, you might lose your number for a reason outside of your control.
That being said, you might want to look into an Authenticator (OTP) app (Google, Authy, ...) or a Hardware token like YuhiKey for your needs.
I was using an Android device, KDE Connect app and a Linux box to view 2FA messages. Works, but it's a string of hacks.
Hope some better solutions come up in this post.