the phone in a drawer solution works basically by default on apple devices. Very common solution in outback Australia (satellite internet only, no phone coverage)
Just thinking aloud here - would you need to disable all automated updates on iOS before doing this, lest the device do a reboot for a system security update, and end up on the lock screen?
There's probably some interesting failure modes when trying to get a modern device to stay connected for months on end, without deciding to reboot for a security patch or similar, or taking an automated app update.
I always have to enter the password to start an install. I’m not sure if there’s a failsafe after some period of time since I usually install day-of but I usually wake up to some nag saying it couldn’t be installed overnight because I didn’t authenticate, and all of my devices are set to install automatically.
Note that there is a difference between regular "locked" and the "locked" after a reboot. For the later most of the disk is still encrypted so very little data and few services are operational. You can likely recieve text messages but I doubt much of iCloud syncing works.
So with forwarding on, if you receive a garden variety SMS (green in iMessage) it will forward on as a normal (blue) iMessage over IP to other iOS devices on the same account?
yes. it comes up green, but is delivered to all other same account iCloud devices. you can reply too, and it works it out. I send and receive SMSs via my MacBook and iPad.
I also have a phone number solely for MFAs, and phone is in drawer at home. Battery is good for weeks, so not plugged in. Every incoming SMS, an app forwards it to a Google Apps Script, and GAS pings my telegram bot, which sends it my all devices with telegram installed.
My work iPhone 11 will run for a week in low-power mode - the battery is pretty large without the screen on with a bunch of apps keeping the CPU and cellular radio warm. I use mine mostly for MFA messages & Exchange when away from my desk and that’s a lot more power-efficient than I thought.
Yeah, I thought about low power mode but at least on my Samsung phone that kills basically all of the background apps/services, which would include any forwarding service. Or well, you can choose to allow background stuff but that's where the battery savings really kick in. I guess I haven't actually tried it with zero direct usage of the screen or phone, maybe it could last that long...
Its Huawei Honor Nova 5T, about 2 years old, with location and data off, network on, wifi on, and no extra apps except stock & that one sms forwarding app. I believe Android 10 or newer.
If you want your phone that is capable of running apps to last for weeks on battery, the big trick is to make sure it doesn't actually run apps for the most part. The second part is to make sure it has good reception. Also, disable any radios you don't need, etc.
If you took a random Android, put in a sim, uninstalled or disabled as many apps as possible, and left it screen off where it had a good view of local towers, you'd have pretty good battery life. It wouldn't be very exciting... but if it just needs to sit in a drawer (hopefully not a metal drawer, see reception issue) and forward a couple sms a week, it'd probably make it through at least one week.
If you go for a model that has a higher capacity battery as a feature, that'll help too.
Its at my home, I go there every day. I usually see it when battery is around 10%. Its USB C, so charges pretty quickly like in minutes. I can use the same charger I use for my regular phone.
The problem with using phones is that they're very much intended to have someone poke at them, and they're not intended to stay on charge 24x7.
I've got a work phone in front of me, all it's used for is getting 2FA prompts (SMS and Duo). Yet randomly I'll find it's rebooted for some update because the manufacturer has decided that I have to have it, and now I have to unlock it to launch Duo. I have disabled updates as much as I can, but it still gets some periodic updates.
I ran a bunch of Android tablets for a while, and their batteries swelled up over time because they sat on charge all the time.
Maybe if you can run a custom ROM to achieve some of this. But it's not an option for my 'work' phone, since the Manufacturer doesn't allow unlocking the boot rom.
My point is not all devices are equal, and I think if I was going somewhere remote I'd probably choose not to rely on a phone.
I have two pixel 4 (seen in the photos there) and I have noticed two things:
> 1 year uptime with no crashes or reboots
Android (whatever version) informs me that it's not charging fully for blah blah battery reasons ... which is to say, it is in some way smartly conditioning its own battery.
I can't say any more about it since this isn't my area of expertise but at least with these pixel 4a devices, these issues aren't present.
Seems like they could have one of those mini femtocells that cellphone companies will send you if you have no reception at your place - these just plug into your home internet and then rebroadcast a 3G or 4G signal. I still have an older 3G one from Sprint I am keeping around (probably wont even work anymore).
One of these could temporarily be plugged in on request - they could have just a few of them (at whoever is head of IT) for different carriers just for this situation.
Each simultaneous call costs you ~100Kbps. An SMS is 140 bytes, and limited by desired SMS throughput. I use a T-Mobile femtocell with a SpaceX Dishy, but VSAT (64 Kbps up to 8 Mbps) should be fine for SMS only.
McMurdo could run their own BTS and provide SMS access only to mobile phones if the desire and funding was available. This would give you a legit mobile network registration.
I haven’t heard of femtocells and now wondering why we don’t use these instead of WiFi? In my experience LTE connections are much more reliable than WiFi - rarely having mobile data issues but WiFi won’t work in the next room.
In Dubai apartments are full of these things that you the phone company just shows up and plugs in; they connect to the building fibre rather than being linked to you personally or you personally paying for them https://www.reddit.com/r/dubai/comments/on8gdh/we_recently_m...
Why use femtocell over Wi-Fi? It costs same as normal mobile data usage (maybe it depends). It's generally slower than Wi-Fi because not much bandwidth is assigned for it. No LAN connectivity. Its routing isn't optimal for just internet access because it routes home-ISP-internet-mobileISP-internet, instead of home-ISP-internet.
I have one of those. It requires a GPS signal to work, and instantly stops working if it isn't at your registered home address, which I assume cannot be Antarctica.
I got a TOTP card from Bank of America like 10 years ago. Ended up screwing me a bit when I lost it and then couldn't make changes to my account... I personally kinda hate 2FA now.
If you qualify (you’re a vet or anybody in your immediate family is), navy federal is pretty friendly with both global access and multiple 2FA options including SMS to Google voice. Their primary customer base is armed forces who will login from abroad and not have access to normal SMS.
I have the same issue in Canada. The bank I was using dropped support for email 2FA and only supports SMS now. I look at the alternatives and they all only support SMS or a custom app. There are a few that don't support 2FA at all which I assume just means that they are slow and will push me into SMS 2FA in a few years.
I would love to switch to a bank that supported TOTP.
Pretty good solution. I’ve seen online services that will “virtualise” a phone and give you access to it in the cloud. Pretty sure it’s just a cheap android on a rack.
I’ve thought about using one a few times, when going travelling overseas for extended trips.
I had a close call a couple of years ago when I had to travel unexpectedly and discovered that my phone provider’s new wholesaler relationship didn’t offer SMS roaming. Since I suddenly had to use a government app to get back into the country and the only MFA I believed they offered was text message, I had a little panic. Fortunately I got in with an email or something, but I quickly changed mobile providers for this reason.
It’s taken me until now to have a personal TOTP process robust enough to want to move my stuff across. When I get back from my current travels, it makes sense to try to move as much as I can to my new, synced, backed-up, personal authenticator solution.
Pushbullet SMS forwarding is another phone in the drawer solution. I think they also offer end-to-end encrypted SMS forwarding. Of course highly dependent on Pushbullet infrastructure.
Nothing is automatic about this process. It is fairly common for calls to or from ported numbers not even to be connected if one of the ends is currently at some obscure small-time carrier. Failure of e.g. caller ID is even more common.
"I have an AT&T number ported to Google Voice. There isn't any service out there that thinks it's a VOIP number."
This 'lookup' script that I wrote will properly identify your number as being owned by google voice:
/usr/local/bin/curl -s -X GET "https://lookups.twilio.com/v1/PhoneNumbers/$number?Type=carrier&Type=caller-name" -u $accountsid:$authtoken | /usr/local/bin/jq '.'
... given any phone number, I can see, using the twilio API, where the number currently terminates to and who "owns" it - including subscriber name (ie., your name).
I'm glad it continues to work for you because it should and you should be able to use a gvoice number in this fashion but ... you've just gotten lucky so far.
I ported a Verizon number to Google Voice ten years ago and I've used it as my primary phone number ever since, forwarding to my MVNO carrier number. I'd say it works fine with 95% of services, but I have run into some issues. I remember Uber being one service that rejected it. I stopped using Uber when I got a new SIM card for a new carrier, and I had trouble recovering my account which had to be tied to my old carrier number.
Not sure what bank you use, a few banks immediately unenroll your phone number when you switched carrier, most likely as a protection mechanism against SIM swap.
Below is one of the emails I got from Chase:
```
Dear Customer,
Our records indicate that you may have recently changed your mobile service provider or mobile phone number. As a result, Chase services that use this mobile number (such as text banking, text alerts, Chase QuickPaySM etc.) may have been disabled.
I don’t understand the need for a separate phone. Couldn’t you just have a family member install IFTT and receive SMS codes? IFTT could be setup to forward the codes to a separate gmail account that isn’t used for anything else but for you to access these codes.
If the family member uses the same services as you this won't work without a second SIM and multi-SIM devices are rare in the US. (Getting better with eSIM though)
I'm from a small and flat country and no matter where I've been there's always been reception, so I understand the assumption that some people might make that everyone is connected all the time.
But I've been traveling around in the UK and I know you shouldn't take reception for granted. In Malvern, Worcestershire there's no reception in some parts of the city, and in Wales I only have reception in the cities.
We had a situation last week where we were setting up a tool, and I couldn't proceed because they required 2FA through SMS, not a great first impression.
Sorry if I'm a security noob but I have a genuine question.
Why at the beginning I need to use 2FA if I can remember secure enough passwords (or use password managers) and I'll not stupid enough to give the passwords away easily?
In this case 2FA is useful if someone sniffs your password (key logger) and uses it later to try and fail to log in without your presence. Many wireless keyboards don't use encrypted comms. Keyboards can be bugged easily. There is tech to observe to thermals of keys after they are pressed from a distance. And listen to key strokes. Or capture wirelessly transmitted keystrokes with a parabolic dish pointed at you from across the street if you are far away and an SDR or ASIC. Or a compact omni antenna in a backpack sitting next to you if you are in a public area. The possibilities are endless!
These are all CVEs of security issues in the proprietary firmware of wireless input devices, that lead to either eavesdropping or input injection or both.
> I'll not stupid enough to give the passwords away easily?
Don't underestimate a determined adversary. Secondly, look for single points of failure and eliminate them as best you can. If someone gains access to your email, could they perform password resets?
"Sorry if I'm a security noob but I have a genuine question. Why at the beginning I need to use 2FA if I can remember secure enough passwords (or use password managers) and I'll not stupid enough to give the passwords away easily?"
Glad you asked ...
... and your comments children are not just wrong, but completely misunderstand the ecosystem they are discussing.
Mobile telephone 2FA is not for you. It's not to help you - it's not for your security. All of that is bullshit - and demonstrably so[1][2].
What is actually happening is that FAANGs, etc., have a brutal, unrelenting spam/scam problem which they have no idea how to solve.
Forcing every user to burn a phone number tied to a physical SIM card is their last-ditch attempt to throw enough sand in the gears and stay above water.
It sort of works.
It's very painful for end users, introduces all kinds of strange inconveniences and probably doesn't stop determined abusers ... but it seems to work better than anything else they've come up with thus far.
But make no mistake: It's not for you. It is not for your security or safety.
[1] Post-signup challenge to user - help us prove your identity by entering in a phone number you've never shown us before.
[2] Interestingly, very high value logins like brokerage and banking typically allow other forms of 2FA that don't involve burning a mobile number because those firms already have many other routes of identification and verification.
You can send and receive SMS using Wifi only (VoWIFI) which most carriers support even the cheapest MVNOs. It's usually referred to as "WiFi Calling"
Again, you DO NOT need a cell phone tower to send and receive SMS and phone calls. You can register your phone on its home network near a tower and go WiFi-only forever after.
“ One issue is that the protocol for wifi calling is notoriously opaque. Carriers frequently change the underlying infrastructure and protocol details.
Also, the protocol assumes terrestrial broadband with reasonable latency and bandwidth. At McMurdo, as of this writing, latency to terrestrial locations is in excess of 700 milliseconds. Usable bandwidth for any given end user can vary widely, down to a few dozen kilobits per second.
The protocol also doesn’t expose any useful diagnostic info to the end user in order to troubleshoot. You just have to cross your fingers that the magic “wifi calling” icon lights up.”
"You can register your phone on its home network near a tower and go WiFi-only forever after."
This is how it works on paper. You may have had success with this.
It does not work universally. It won't take long to find a bank / FAANG / service provider that refuses to accept anything but a bona fide mobile SIM talking to a base station.
> It does not work universally. It won't take long to find a bank / FAANG / service provider that refuses to accept anything but a bona fide mobile SIM talking to a base station.
How does a SMS sender know this? Is there some mechanism in SMS to only deliver if by certain criteria?
You can use a handset with its SIM card on WiFi without a tower ever again if you provision the SIM card on its home network once. Nobody is suggesting using anything but a handset.
Leaving your phone charged for extended amount of time like this is really bad though. The battery will swell (fire hazzard), it's just a matter of time when. Sometimes you're lucky and it took a year or more for the battery to swell, sometimes it swells just after a few month. The compromise is probably put the phone in a fireproof surface instead of a drawer.
Not sure. I actually had an iphone with battery so swollen, the screen got popped out of the frame by itself. Maybe newer iphones is better at this stuff, but why risk your house burning down when you can take some precaution regardless the type of phone you use.
I have a 5 year old Sony Xperia ZX which has had "battery care" enabled (possibly by default) since I bought it.
It charges the battery to something like 85% until shortly before my alarm is set, or the expected time I'll unplug it if no alarm is set. There isn't a way to manually control this, beyond changing the alarm time.
However, the battery is still going strong after 5 years.
This is a great idea. Can even automate it using home assistant for precise control if you're using android. Home assistant's android client reports battery life to your home assistant instance, so you can write an automation that switched on a smart switch connected to charger when the phone's battery <50% and turn off when it's >95% (or other values optimized for battery longevity.
Wait, what? Aren't batteries and chargers smart nowadays? I thought they automatically care about battery health no matter what the user does (apart from deep discharging of course)!
Modern phones have an option to stop charging at 85%, which mitigates some of the issue as well as extending the battery lifetime. The main thing is the battery needs to go through charge cycles, sitting is death.
As an additional option, if you use the Android/Google Messages app, you can link another device/laptop and any communications are bounced through Google's cloud, but End-to-End encrypted. I use this all the time from my tablet I take into the Data Center, and frequently leave my phone upstairs. Keeps support for RCS as well.
Additionally, you can also use Google Fi, which supports the same messages app, and syncing the messages and responses like Apple's iMessage, just by logging into your Google Account after a little setup. I believe it's also intercepted upstream, and isn't reliant on another device being powered on.
Leaving the Android phone at home and forwarding SMS with IFTTT is an ingenious approach. A similar solution with an iPhone at home could be accomplished with text message forwarding enabled in iMessage: https://support.apple.com/en-us/HT208386
Even worse than Antarctica might be working in a US DoD "vault" or SCIF. Many of us encountered this problem in recent years as various DoD organizations bought into O365.
For a while, I had to enter a password and then get an SMS authentication code once every 24 hours to login to Teams. The problem is that cleared spaces don't allow any personal devices (there's no cellular service anyway with TEMPEST hardening) and the unclassified (NIPRNet) workstations are usually blocked from connecting to websites like Google Voice and some commercial webmail services. The authentication code would timeout after five minutes, and that didn't always leave enough time to exit building, get to my phone with cellular service somewhere, and then re-enter the building and return to my workstation with the authentication code. If you always worked at the same desk, you could set it up to make a voice call to that desk phone number for authentication, but I didn't always work at the same desk.
My own solution was to use my personal Google Voice number for the authentication code, have Google Voice forward those messages to my personal Gmail inbox, and then have Gmail forward those emails to my official DoD email inbox. (Our official email wasn't yet on O365 and only required our smart cards to login, which later became the method for O365 login, thankfully.)
>my personal Google Voice number for the authentication code
A lot of financial institutions do not allow gv/voip numbers anymore. So, I've had to add one more layer to this, namely forwarding sms from phone to gv, which then goes to email. It looks like there aren't great solutions for forwarding sms to email directly on android, but there is an sms forwarder app on f-droid that works for forwarding to gv.
> It looks like there aren't great solutions for forwarding sms to email directly on android
You can also do this with a Particle board or some other similar embedded device running code on bare metal instead of an Android phone. The advantage being that you won't fall victim to a Java crash or software update, and you can probably set up a watchdog reboot on it.
You can use the voice call method of MFA on Teams, send it to a Twilio number, and use a Twilio Studio workflow to automatically pick up and press # a few seconds later to confirm.
It's even worse when you consider the DoD at least have multiple functioning internal PKIs and issue smartcards in the form of the CAC and others to all its users.
I'm sorry, we don't want your fancy crypto, please accept this insecure SMS.
To be fair, I guess it's a product of being an organization of three million people who are globally dispersed, working in every conceivable environment. There are a lot of edge cases. So while smart card login was better for my case, other people worked in situations where username / password and SMS authentication was a dream. At the same time, we want everything to be uniform and interchangeable, because we've seen that patchworks of incompatible solutions can be even worse.
This seems insane to me. If I were in this situation, I would simply not use Teams if I can't log into it. The only way to get situations like this resolved is for the pain to be felt by someone with the power to change it. Absorbing the pain yourself by working around it is just enabling these things.
Who has the power to change it? How do you make them feel pain? Is this the hill you want to die on? If you can't suffer the asinine 2FA problems while trying to get work done on your glacially slow PC in your 88F office, you will not last long enough to make change. More accurately, you'll probably be able to stick around forever, but without promotions, approbation, or influence.
The answer is to be heroically productive, despite all these ridiculous obstacles, and then to use your reputation to build a base of opposition within your organization from which to fight these problems. If that sounds hard, exhausting, and thankless, then you have your answer for why these things don't get fixed.
It doesn't particularly matter who has the power to change it, but it's probably near to the top of the organizational structure.
>How do you make them feel pain?
The way I see it, either:
1. Teams is crucial and not being able to access it easily means eventually things that are important to the people at the top of the organization are missed or take too long. This is the pain you can make them feel. You presumably have your ass covered by raising your issues in writing earlier, so the blame ultimately doesn't rest with you.
or
2. Teams was never important, so not being able to access it easily turns out to not really be that much of an issue for anyone who has any kind of influence.
>you will not last long enough to make change
The person doing this is not trying to make change. Rather, the whole point is to stop insulating decision makers from the consequences of their decisions.
I love your indignation; it validates the way I've felt about various things over the years, so you deserve some explanation of the culture and my thought process:
I'm reminded of the investing maxim that "markets can stay irrational longer than you can stay solvent." I'm a military officer who's not yet senior enough to be vested for retirement benefits, but senior enough to be within striking distance of vesting after 15+ years ("golden handcuffs"). The career model for officers is also "up or out" and every year counts (i.e. one needs to remain within the top 50% of performers who've also devoted the last 15+ years of their lives to this). If it takes the bureaucracy longer than a year to change something stupid, I need to be very thoughtful about what stupid things I choose to protest with disobedience. Furthermore, as someone who works in the IT part of the organization, saying that I can't figure out a way to stay logged into Teams would be an especially bad look. A significant part of my job at the time was helping non-IT people to find solutions for stupid IT problems while advocating for changes to the IT people above me.
I also don’t like giving my permanent, cross-app cross-company tracking identifier to those with whom I am doing business, allowing them to buy tons of additional data about me from data brokers (and selling my transaction data back).
Phone numbers are commonly used for this. I change mine monthly.
157 comments
[ 0.23 ms ] story [ 216 ms ] threadThere's probably some interesting failure modes when trying to get a modern device to stay connected for months on end, without deciding to reboot for a security patch or similar, or taking an automated app update.
If you took a random Android, put in a sim, uninstalled or disabled as many apps as possible, and left it screen off where it had a good view of local towers, you'd have pretty good battery life. It wouldn't be very exciting... but if it just needs to sit in a drawer (hopefully not a metal drawer, see reception issue) and forward a couple sms a week, it'd probably make it through at least one week.
If you go for a model that has a higher capacity battery as a feature, that'll help too.
It should be a case of inserting the SIM card, and use AT commands over serial to send/receive SMS.
Combine it with a watchdog timer and a remote-controlled power-plug and you can even power it off/on again remotely if it crashes.
https://kozubik.com/items/2famule/
I've got a work phone in front of me, all it's used for is getting 2FA prompts (SMS and Duo). Yet randomly I'll find it's rebooted for some update because the manufacturer has decided that I have to have it, and now I have to unlock it to launch Duo. I have disabled updates as much as I can, but it still gets some periodic updates.
I ran a bunch of Android tablets for a while, and their batteries swelled up over time because they sat on charge all the time.
Maybe if you can run a custom ROM to achieve some of this. But it's not an option for my 'work' phone, since the Manufacturer doesn't allow unlocking the boot rom.
My point is not all devices are equal, and I think if I was going somewhere remote I'd probably choose not to rely on a phone.
> 1 year uptime with no crashes or reboots
Android (whatever version) informs me that it's not charging fully for blah blah battery reasons ... which is to say, it is in some way smartly conditioning its own battery.
I can't say any more about it since this isn't my area of expertise but at least with these pixel 4a devices, these issues aren't present.
https://github.com/traccar/traccar-sms-gateway
https://news.ycombinator.com/item?id=28125074
I use a phone in a drawer for MFA codes and use this to access the OTPs remotely, with some minor PHP scripting for a simple web-accessible front-end.
One of these could temporarily be plugged in on request - they could have just a few of them (at whoever is head of IT) for different carriers just for this situation.
https://explorersweb.com/starlink-in-antarctica/
McMurdo could run their own BTS and provide SMS access only to mobile phones if the desire and funding was available. This would give you a legit mobile network registration.
http://openbts.org/
https://www.theverge.com/2022/10/6/23389641/ukama-open-sourc...
Are femtocells just as crappy as WiFi?
I got a TOTP card from Bank of America like 10 years ago. Ended up screwing me a bit when I lost it and then couldn't make changes to my account... I personally kinda hate 2FA now.
Wondering if there's a similar list for European banks.
UPD: there's link to https://2fa.directory/int/#banking on the U.S. page
I would love to switch to a bank that supported TOTP.
I’ve thought about using one a few times, when going travelling overseas for extended trips.
It’s taken me until now to have a personal TOTP process robust enough to want to move my stuff across. When I get back from my current travels, it makes sense to try to move as much as I can to my new, synced, backed-up, personal authenticator solution.
This 'lookup' script that I wrote will properly identify your number as being owned by google voice:
... given any phone number, I can see, using the twilio API, where the number currently terminates to and who "owns" it - including subscriber name (ie., your name).I'm glad it continues to work for you because it should and you should be able to use a gvoice number in this fashion but ... you've just gotten lucky so far.
Below is one of the emails I got from Chase:
``` Dear Customer,
Our records indicate that you may have recently changed your mobile service provider or mobile phone number. As a result, Chase services that use this mobile number (such as text banking, text alerts, Chase QuickPaySM etc.) may have been disabled.
```
But I've been traveling around in the UK and I know you shouldn't take reception for granted. In Malvern, Worcestershire there's no reception in some parts of the city, and in Wales I only have reception in the cities.
We had a situation last week where we were setting up a tool, and I couldn't proceed because they required 2FA through SMS, not a great first impression.
I'll be surprised about most Bluetooth keyboards don't use encryption.
And I feel like it's too panorid for me to worry about someone probing to your keyboard with an USRP or a HT-301.
CVE-2019-13055
CVE-2018-8117
CVE-2010-1184
Don't underestimate a determined adversary. Secondly, look for single points of failure and eliminate them as best you can. If someone gains access to your email, could they perform password resets?
Phishing victims are not categorically stupid.
Glad you asked ...
... and your comments children are not just wrong, but completely misunderstand the ecosystem they are discussing.
Mobile telephone 2FA is not for you. It's not to help you - it's not for your security. All of that is bullshit - and demonstrably so[1][2].
What is actually happening is that FAANGs, etc., have a brutal, unrelenting spam/scam problem which they have no idea how to solve.
Forcing every user to burn a phone number tied to a physical SIM card is their last-ditch attempt to throw enough sand in the gears and stay above water.
It sort of works.
It's very painful for end users, introduces all kinds of strange inconveniences and probably doesn't stop determined abusers ... but it seems to work better than anything else they've come up with thus far.
But make no mistake: It's not for you. It is not for your security or safety.
[1] Post-signup challenge to user - help us prove your identity by entering in a phone number you've never shown us before.
[2] Interestingly, very high value logins like brokerage and banking typically allow other forms of 2FA that don't involve burning a mobile number because those firms already have many other routes of identification and verification.
Again, you DO NOT need a cell phone tower to send and receive SMS and phone calls. You can register your phone on its home network near a tower and go WiFi-only forever after.
“ One issue is that the protocol for wifi calling is notoriously opaque. Carriers frequently change the underlying infrastructure and protocol details.
Also, the protocol assumes terrestrial broadband with reasonable latency and bandwidth. At McMurdo, as of this writing, latency to terrestrial locations is in excess of 700 milliseconds. Usable bandwidth for any given end user can vary widely, down to a few dozen kilobits per second.
The protocol also doesn’t expose any useful diagnostic info to the end user in order to troubleshoot. You just have to cross your fingers that the magic “wifi calling” icon lights up.”
This is how it works on paper. You may have had success with this.
It does not work universally. It won't take long to find a bank / FAANG / service provider that refuses to accept anything but a bona fide mobile SIM talking to a base station.
How does a SMS sender know this? Is there some mechanism in SMS to only deliver if by certain criteria?
Or they do an API lookup and query the type in realtime.
Elsewhere in this thread I posted the syntax for performing this lookup using the twilio API ...
It charges the battery to something like 85% until shortly before my alarm is set, or the expected time I'll unplug it if no alarm is set. There isn't a way to manually control this, beyond changing the alarm time.
However, the battery is still going strong after 5 years.
(I wish they'd make a decent compact successor. The latest "Compact" Xperia phone seems to be 2.5cm taller! https://www.gsmarena.com/sony_xperia_5_iv-11838.php 15.6cm vs 13cm)
I mean, many laptops spend 99% of their time on plugged in/docked, and that doesn't cause any battery problems.
Additionally, you can also use Google Fi, which supports the same messages app, and syncing the messages and responses like Apple's iMessage, just by logging into your Google Account after a little setup. I believe it's also intercepted upstream, and isn't reliant on another device being powered on.
Disc: Googler, not on Messages.
[1] https://kozubik.com/items/2famule/
2FA schemes must always support TOTP.
Potentially, as an alternative, 2FA must not rely on SMS, as it is not secure.
For a while, I had to enter a password and then get an SMS authentication code once every 24 hours to login to Teams. The problem is that cleared spaces don't allow any personal devices (there's no cellular service anyway with TEMPEST hardening) and the unclassified (NIPRNet) workstations are usually blocked from connecting to websites like Google Voice and some commercial webmail services. The authentication code would timeout after five minutes, and that didn't always leave enough time to exit building, get to my phone with cellular service somewhere, and then re-enter the building and return to my workstation with the authentication code. If you always worked at the same desk, you could set it up to make a voice call to that desk phone number for authentication, but I didn't always work at the same desk.
My own solution was to use my personal Google Voice number for the authentication code, have Google Voice forward those messages to my personal Gmail inbox, and then have Gmail forward those emails to my official DoD email inbox. (Our official email wasn't yet on O365 and only required our smart cards to login, which later became the method for O365 login, thankfully.)
A lot of financial institutions do not allow gv/voip numbers anymore. So, I've had to add one more layer to this, namely forwarding sms from phone to gv, which then goes to email. It looks like there aren't great solutions for forwarding sms to email directly on android, but there is an sms forwarder app on f-droid that works for forwarding to gv.
You can also do this with a Particle board or some other similar embedded device running code on bare metal instead of an Android phone. The advantage being that you won't fall victim to a Java crash or software update, and you can probably set up a watchdog reboot on it.
(Yes, I've done this.)
Appart from avalability, at least that's secure :)
I'm sorry, we don't want your fancy crypto, please accept this insecure SMS.
The answer is to be heroically productive, despite all these ridiculous obstacles, and then to use your reputation to build a base of opposition within your organization from which to fight these problems. If that sounds hard, exhausting, and thankless, then you have your answer for why these things don't get fixed.
It doesn't particularly matter who has the power to change it, but it's probably near to the top of the organizational structure.
>How do you make them feel pain?
The way I see it, either:
1. Teams is crucial and not being able to access it easily means eventually things that are important to the people at the top of the organization are missed or take too long. This is the pain you can make them feel. You presumably have your ass covered by raising your issues in writing earlier, so the blame ultimately doesn't rest with you.
or
2. Teams was never important, so not being able to access it easily turns out to not really be that much of an issue for anyone who has any kind of influence.
>you will not last long enough to make change
The person doing this is not trying to make change. Rather, the whole point is to stop insulating decision makers from the consequences of their decisions.
I'm reminded of the investing maxim that "markets can stay irrational longer than you can stay solvent." I'm a military officer who's not yet senior enough to be vested for retirement benefits, but senior enough to be within striking distance of vesting after 15+ years ("golden handcuffs"). The career model for officers is also "up or out" and every year counts (i.e. one needs to remain within the top 50% of performers who've also devoted the last 15+ years of their lives to this). If it takes the bureaucracy longer than a year to change something stupid, I need to be very thoughtful about what stupid things I choose to protest with disobedience. Furthermore, as someone who works in the IT part of the organization, saying that I can't figure out a way to stay logged into Teams would be an especially bad look. A significant part of my job at the time was helping non-IT people to find solutions for stupid IT problems while advocating for changes to the IT people above me.
This drives me crazy. I don't want my phone number to be a single point dependancy for such services.
Phone numbers are commonly used for this. I change mine monthly.