
Ask HN: Team now works remotely, what to do with office phone for 2FA? - sexy_seedbox
Our team is working remotely now, we have an office mobile phone for two-factor authentication and some other calls. If somebody takes the phone home with them, then they have to be available to receive a call or an SMS if another person logs in to a service that requires two-factor verification. Are there software solutions for this problem? Ideally would like to leave the phone at the office and somehow every employee can remote in to the device to check for SMS.
======
Nextgrid
Call forwarding can be used to forward voice calls to a Twilio (or similar)
number that can then be accessed from the web.

SMS is a bit trickier:

* there are Android apps that claim to be able to sync messages with desktop computers (equivalent of Apple's seamless iMessage between iOS and macOS), so it might be worth putting the SIM in an Android phone and then giving these solutions a try.

* alternatively you can put the SIM in a mobile data dongle and talk to it using AT commands (it should present itself as a serial port) to get/send SMS. Make a little script around that, leave it on the machine and have your people SSH into it.

* if possible, port the number to Google Voice or similar.

~~~
madamelic
> if possible, port the number to Google Voice or similar.

Don't port 2FA to any virtual phone number. Most sites accept those numbers
but refuse to send any SMS to them, thereby locking you out of your account.

------
theamk
Are you sure you need to? Every 2FA login I have seen was designed for a
single person. Perhaps instead of sharing password and 2FA between multiple
people, you can create separate logins?

~~~
zaro
Are you sure you can afford to? A lot of the online services charge per user.

For example we reduced the number of users in our Salesforce instance to 1
user per department and this is saving us approx 30000EUR per year which for
our small cash strapped startup is significant.

------
javagram
See if you can port the 2-factor authentication to use TOTP tokens (“Google
Authenticator” or similar apps) instead. In that case you can simply
distribute the QR codes to each employee via some trusted method (e.g. snail
mail) and they can then load the app onto their phone and generate all the
needed codes.

~~~
staz
or set up your various TOTP in KeePassXC which is Free (and FOSS), set a very
strong password and sync the database via Dropbox or others.

------
sebst
A software solution might be Twilio. Just set up an SMS to email gateway with
them.

That being said, a “shared” second factor is not a good idea and neither is
the use of SMS as second factor. This is because an attacker could use a SIM
swap attack or an SS7 attack. Also, you might lose your number for a reason
outside of your control.

That being said, you might want to look into an Authenticator (OTP) app
(Google, Authy, ...) or a hardware token like YubiKey for your needs.

~~~
tfolbrecht
Twilio numbers don't receive Short Code messages (the weird six digit phone
numbers) which most 2FA messages come from.

------
tfolbrecht
I'd advise against a Twilio number, Support told me they can't handle Short
Codes so it's very unreliable for SMS 2FA.

I was using an Android device, KDE Connect app and a Linux box to view 2FA
messages. Works, but it's a string of hacks.

Hope some better solutions come up in this post.

------
rahulyadav
You can use Duo for free for up to 10 users:
[https://duo.com/pricing/duo-free](https://duo.com/pricing/duo-free)

------
Raed667
For SMS you can use PushBullet which will forward all received SMS and
notifications to your browser.

------
ToFab123
Switch to using personal accounts instead of having shared logins. That goes
against all security best practices (and GDPR) also. Use this opportunity to
bring your things in order.

~~~
akadruid1
This is the right answer, but it's a reality that accounts are very frequently
shared, because of laziness, cost, or simply that the service doesn't have
good (or any) support for multiple accounts.

------
toomuchtodo
Have you considered using Google Voice as a shared 2FA solution for your team?

~~~
tehlike
I was going to say that. Google Voice or Project Fi is pretty good.

------
tbrock
Switch to using Authy. End of thread.

