The Problem With 2 Factor Authentication
This one isn’t based on an article, but on experience. I was trying to find out how to secure an account with 2FA/multi-factor authentication that needed to be shared for various reasons. Most security experts will groan, because this is something you are NOT supposed to do, especially in a business setting. Everyone should have their own account so that every action can be traced back to one person, which also leaves one less variable to untangle when analyzing a breach. Real life isn’t perfect, though, so sometimes you can’t get away from having to share an account.
A Solution to Shared 2 Factor Authentication
I was searching for a way and found a method that might work for some people. I’ll break it down into three sections, since there are three common ways a second factor is delivered: a phone call, a text message, or a rolling code from an authenticator app.
Phone
This one can be tricky because most people don’t have a shared phone number. I found a way to do this with Zoom, using their shared numbers, where I can add many people to a single phone number. There is an additional cost, since you do need to pay for an additional phone number, but for the convenience it is relatively inexpensive.
Google Voice, or another VoIP system, should have a way to ring several phones from a single number. You can experiment with adding multiple forwarding numbers. Google Voice has a free personal tier, so it should be relatively easy to test.
Text
This one is a little more tricky for me. I wasn’t able to set up the shared number with text in Zoom, so the only way it works for me is through phone calls, which can be a little tiresome. Some 2FA systems also refuse to send codes to VoIP numbers, so you may need a real cell phone or an equivalent service that isn’t VoIP. Many companies have recognized the limitations of sending the 6 digit 2FA code from a short-code sender, which only reaches carrier mobile numbers, and are starting to send from full 10 digit numbers, so your mileage may vary depending on the system. A Google Voice number can accept text messages that you can read from the web or the app, so that is a possibility to use and share as needed. Keep in mind that a code delivered by call or text is only as safe as the number it goes to: anyone who takes over that number (a SIM swap, or a hijacked VoIP account) receives the code too.
Rolling Code
This one can be a multi-step process, which is why I think people don’t like this option even when it’s a single-person setup. A rolling code is computed from a secret seed (the QR code you scan at enrollment) and the current time, so any device that holds the same seed produces the same codes; sharing the seed is what makes sharing this factor possible, and it also means the seed has to be protected like a password. Authy, a well known 2FA app, doesn’t “support” shared 2FA, but it does make it easy to back up codes and restore them to another device. In my case, I was able to install the program on my computer, back up the code, and then restore it to another device using the shared 2FA phone number and shared email I created for 2FA codes. It did take a couple of tries for me to get the code to back up and restore successfully, but I was able to get it to work.
Finally...
Once you have it set up, it does make sharing 2FA codes a lot easier, especially for accounts like Amazon or Gmail where you want to share an email or shopping account but also want to keep it secure. While I didn’t lay out the steps, if you want me to make another post on how to set it up for some systems, comment and I’ll create another post with steps on how to set it up. I am curious how many people have 2FA set up on their accounts and what type they use. Knowing the difficulty of setting up 2FA, I feel like the number will be low, and the number who use Authy or a rolling code system (which is more secure) will be lower.
There is the option of an email token, which can go to a distribution group of the authorized users. For example, the role which assigns access to the privileged account can be associated with a group email, so all members would get a token when a single member attempts to use it. Managing this process via a service ticket or PAM solution means you have an audit trail of who the active user was.
Another option, which could work in some scenarios, is a single person receiving the challenge, where that single person is the "approver". Ideally you would pair this process with an access request (service ticket), so the approver is aware of the incoming challenge and the change…