Doing duo diligence
July 4, 2019 10:09 AM Subscribe
How can I dual authenticate with no cell service?
I'm staying in a place with wifi but no cell service in the entire area. to log into my work email I need dual authentication -- they can send a push, call or text you, but all that requires cell service and my device isn't receiving any of these pushes. I also can't log into my account to get in touch with tech services at my university, nor can I call them bc no cell service. You can't contact them on email from outside the system (ie without logging on) at least until Monday when maybe I could reach a human outside the help center.
So is there any way to rig dual authentication so i can log into my work email?
I'm sorta hoping the answer is no.
I'm staying in a place with wifi but no cell service in the entire area. to log into my work email I need dual authentication -- they can send a push, call or text you, but all that requires cell service and my device isn't receiving any of these pushes. I also can't log into my account to get in touch with tech services at my university, nor can I call them bc no cell service. You can't contact them on email from outside the system (ie without logging on) at least until Monday when maybe I could reach a human outside the help center.
So is there any way to rig dual authentication so i can log into my work email?
I'm sorta hoping the answer is no.
This might depend on the service that you're using. The service I use has the ability to generate a passcode - as long as you have the app connected already. Here's a page about it.
If you don't have a landline, you can also use a service like Skype to call tech services. I'm not sure what options they would have to help, but it's the natural next step if it's important you get into your email.
Of course... you know ... maybe these don't work or you don't know about them ...
posted by Kutsuwamushi at 10:27 AM on July 4, 2019
If you don't have a landline, you can also use a service like Skype to call tech services. I'm not sure what options they would have to help, but it's the natural next step if it's important you get into your email.
Of course... you know ... maybe these don't work or you don't know about them ...
posted by Kutsuwamushi at 10:27 AM on July 4, 2019
My university uses Okta for dual factor authentication; if you download the app to your phone and authenticate the app, you can get pushes over WiFi, but you need cell service to initially authenticate the app. So it depends on whether there is some place convenient/possible to get to that does have cell service just for the initial setup.
posted by Jeanne at 11:04 AM on July 4, 2019
posted by Jeanne at 11:04 AM on July 4, 2019
Best answer: The answer is definitely no. 🎉
posted by Poldo at 11:26 AM on July 4, 2019 [4 favorites]
posted by Poldo at 11:26 AM on July 4, 2019 [4 favorites]
Does your phone / carrier plan allow wifi calling? It's usually a toggle in the Networks section in your Settings
posted by ananci at 11:31 AM on July 4, 2019
posted by ananci at 11:31 AM on July 4, 2019
Response by poster: Thanks so much everyone. I didn't have the app or anything else set up so I am waiting til tomorrow when I can find somewhere to try in cell range. Imagine no work email for a day in 2019...
posted by nantucket at 11:47 AM on July 4, 2019
posted by nantucket at 11:47 AM on July 4, 2019
I'm assuming this is the simple case of login requiring you to type a 6 digit numeric Timed-One Time Passcode (TOTP), received over phone call or SMS, in addition to the password.
Do your phone and carrier support phone calls over wi-fi? Check with your carrier.
For those more technically inclined, patient, and in possession of a laptop or desktop, CallCentric (among other VoIP services) provides telephone-over-internet starting at ~$12/mo; add SMS for a few bucks more. You'll need a 'SIP client' Win/Mac/Linux app, CallCentric has step-by-step web help. And you'll need a working onboard or plugin mic and speakers. CallCentric also does voicemail and can promptly send vm's to your email account for playback.
If your 2FA setup requires you to load an initial barcode for the TOTP, like AWS, there are desktop/laptop TOTP clients available eg Linix's 'oathtool' - you download the authkey barcode, convert it to a text string, feed it to oathtool and get the 6-digit code back. Take care to secure the barcode and its text string because you aren't using a similar smartphone app which would secure it for you. How-tos exist on the web.
posted by zaixfeep at 11:56 AM on July 4, 2019 [1 favorite]
Do your phone and carrier support phone calls over wi-fi? Check with your carrier.
For those more technically inclined, patient, and in possession of a laptop or desktop, CallCentric (among other VoIP services) provides telephone-over-internet starting at ~$12/mo; add SMS for a few bucks more. You'll need a 'SIP client' Win/Mac/Linux app, CallCentric has step-by-step web help. And you'll need a working onboard or plugin mic and speakers. CallCentric also does voicemail and can promptly send vm's to your email account for playback.
If your 2FA setup requires you to load an initial barcode for the TOTP, like AWS, there are desktop/laptop TOTP clients available eg Linix's 'oathtool' - you download the authkey barcode, convert it to a text string, feed it to oathtool and get the 6-digit code back. Take care to secure the barcode and its text string because you aren't using a similar smartphone app which would secure it for you. How-tos exist on the web.
posted by zaixfeep at 11:56 AM on July 4, 2019 [1 favorite]
I think you deserve a break from work e-mail but in case anyone has an emergency like this in the future some cell phone providers allow you to view your text messages online. You might be able to receive the 2FA text message this way.
Link for AT&T.
Link for Verizon.
posted by mundo at 2:30 PM on July 4, 2019
Link for AT&T.
Link for Verizon.
posted by mundo at 2:30 PM on July 4, 2019
As I am learning this week, confirmation code texts do not make it to Verizon's web text interface. Also, eventually Verizon will want to send a confirmation code to your cell phone to let you log into the web texting website.
My employer (a university) uses Duo and has a website that hands out one-use passcodes in exchange for answering security questions and some other extra credentials. I don't remember if I had to set this up for myself in advance. In case you haven't already, maybe try searching for "blah.edu duo temporary passcode?"
posted by esker at 4:09 PM on July 4, 2019 [1 favorite]
My employer (a university) uses Duo and has a website that hands out one-use passcodes in exchange for answering security questions and some other extra credentials. I don't remember if I had to set this up for myself in advance. In case you haven't already, maybe try searching for "blah.edu duo temporary passcode?"
posted by esker at 4:09 PM on July 4, 2019 [1 favorite]
Can you log in to your cell phone provider, and have your voice calls or texts forwarded to a friend's number temporarily?
Or e-mail a work colleague and have them communicate with university tech services?
Additional helpful tip for no cell service:
If you know a friend's cellular provider, you can e-mail to the special address format of that provider to send the friend a text message. For example, if their provider is T-Mobile and their phone number is 212-555-1234, an e-mail to 2125551234@tmomail.net will send a text message to their phone (I always leave a blank subject for these messages, but I don't think it's necessary).
posted by amtho at 4:59 PM on July 4, 2019
Or e-mail a work colleague and have them communicate with university tech services?
Additional helpful tip for no cell service:
If you know a friend's cellular provider, you can e-mail to the special address format of that provider to send the friend a text message. For example, if their provider is T-Mobile and their phone number is 212-555-1234, an e-mail to 2125551234@tmomail.net will send a text message to their phone (I always leave a blank subject for these messages, but I don't think it's necessary).
posted by amtho at 4:59 PM on July 4, 2019
My college went to two-factor a while back, and at the time I had an ancient iPhone 4 that didn't work outside of the US, so I looked into this. At least on the version of the Duo system we're using, all of the methods to log in without cell service require some preparation beforehand.
For shorter trips, I could have Duo text me a list of passcodes before I departed; they're sent out via text message, ten at a time. They'd then be stored on my phone and I could use them to log in up to ten times.
For longer trips, I would have had to buy a hardware token or a security key. I never actually did this because I had to replace my phone before I needed to do so. But I'm pretty sure you need to set that up before you travel somewhere without cell phone service.
posted by Johnny Assay at 11:06 PM on July 4, 2019
For shorter trips, I could have Duo text me a list of passcodes before I departed; they're sent out via text message, ten at a time. They'd then be stored on my phone and I could use them to log in up to ten times.
For longer trips, I would have had to buy a hardware token or a security key. I never actually did this because I had to replace my phone before I needed to do so. But I'm pretty sure you need to set that up before you travel somewhere without cell phone service.
posted by Johnny Assay at 11:06 PM on July 4, 2019
The short answer is you have done more than enough to legitimately say that you have tried. Many end users would have quit long before what you have done.
The longer answer is possibly, but not very easily. If I am reading your question correctly, you are supposed to use Duo Mobile for your two factor authentication, but have not set it up on your phone yet. Depending on how your work set up Duo, you may or may not be able to authenticate your phone online. If you can, then rather be jorting's advice should work.
But, again, you have put enough effort into this. (Belatedly?) Enjoy being off the grid for a bit.
posted by a non mouse, a cow herd at 8:50 AM on July 5, 2019
The longer answer is possibly, but not very easily. If I am reading your question correctly, you are supposed to use Duo Mobile for your two factor authentication, but have not set it up on your phone yet. Depending on how your work set up Duo, you may or may not be able to authenticate your phone online. If you can, then rather be jorting's advice should work.
But, again, you have put enough effort into this. (Belatedly?) Enjoy being off the grid for a bit.
posted by a non mouse, a cow herd at 8:50 AM on July 5, 2019
Seconding ananci that future readers may wish to look into wifi calling/texting. If enabled by your cell provider, it's likely to be a million times easier than anything else being described here.
posted by mosst at 11:26 AM on July 5, 2019
posted by mosst at 11:26 AM on July 5, 2019
« Older Using a cloud-based service to sync to a locally... | Name that (BBC 4?) science programme Newer »
This thread is closed to new comments.
What do you mean by "push"? Is it an app that runs on your phone? That *should* work over wifi - but those are typically a pull, or randomized token code that is generated when you run the app.
posted by jkaczor at 10:22 AM on July 4, 2019