How to have a temporary smartphone
May 14, 2020 7:31 AM   Subscribe

For remote access to work for the next few months, I need a smartphone, solely in order to generate a one-time password each time I log on. I currently have a non-smartphone I'm very happy with and want to go on using. How can I manage this?

My provider, Vodafone, will upgrade me to a smartphone at no upfront cost and a monthly fee which is just below what I already pay. But if I do that, as I understand it I wouldn't be able to go on using my-non smartphone, as the sim cards will be different. (Ideally I would just use the smartphone to log on to the network, then go back to the non-smartphone.) Is there anyway around this? Can I get a smartphone with a different number reasonably cheaply? I am in the UK (and ignorant about smartphones in general as is probably evident).
posted by paduasoy to Technology (18 answers total) 1 user marked this as a favorite
in order to generate a one-time password each time I log on.

To approach the question in a different way, can you tell us what system or app is generating the OTP?
posted by zamboni at 7:38 AM on May 14

I'm not keen to name the app because I don't want to increase the chances that my employer could find my account on here. I did have an extremely long conversation with IT trying to find another solution apart from the smartphone one - they really did try to be helpful so I think that route is closed.
posted by paduasoy at 7:41 AM on May 14

How does the one time password work? Does it need sms/mms to function? Does it need data service?

You may need to get more info from your it department, in order to determine the cheapest solution.

If it doesnt need sms/mms, and is just an app, you may not need cell service or a sim for the device, and can buy a cheap compatible unlocked device and use it on wifi without service, and resell once done.
posted by TheAdamist at 7:41 AM on May 14 [5 favorites]

Is the one-time password generator Google Authenticator? You do not need a SIM card in the phone to use GA as long as you have WiFi access. So you don’t need a new number.

I know this because I am currently using GA on my old phone without a SIM card to access some services, since I haven’t yet updated my account settings to authorize my new phone. I suspect it would also work this way for other password generation apps but I haven’t tried them.
posted by mekily at 7:44 AM on May 14

Will the app work on an iPod Touch?
posted by applesurf at 7:45 AM on May 14

Ok, evidently the app is essential info - I will put aside my paranoia - it's AscendID.
posted by paduasoy at 7:48 AM on May 14

Yeah, it depends on the authentication system your company is using. If it's a two-factor authentication (2FA) system, those can usually be sent as a regular text message. If it's an authentiactor app like RSA, Google Authenticator, or Microsoft's Authenticator, it's app-based with a local token stored in your device.

The good news, if it's a basic 2FA, you should be able to keep your existing cell phone. If it's an authenticator app, just get a cheap wifi-only tablet (Amazon Kindle fire, for example; or the Samsung version) and install the authenticator app on there.
posted by Master Gunner at 7:49 AM on May 14 [1 favorite]

If the app is DUO, then there are options to send an SMS or to make a voice-call, too.

You might investigate to see if the system you're using is compatible with a Yubikey. That would take the phone completely out of the equation.
posted by Wild_Eep at 7:49 AM on May 14

Just saw your reply. AscendID is on the Google Play store, so a cheap tablet should work fine.
posted by Master Gunner at 7:50 AM on May 14 [2 favorites]

Ask around and see if any of your friends have an old android phone they don't need anymore. You can hook it up to wifi and use it just for this.
posted by beyond_pink at 7:55 AM on May 14 [5 favorites]

Is there a company like Tracfone in the UK, who sell "burner" smartphones?
posted by briank at 8:01 AM on May 14

This may not work, but it comes to mind: is it possible to install an Android emulator on your computer and install the app on that? Bouncing the idea off my husband, he said an auth app might want to initially identify the device as yours, so may need to send an SMS to a number, but as long as your non-smartphone handles texts, it should be fine. Certainly worth a try?

Also, if your company requires you to have a smartphone-type device to access work, I'd just consider asking them to foot the bill for renting one or purchasing a departmental device to lend you for the duration.
posted by telophase at 8:51 AM on May 14 [2 favorites]

Echoing other responses above: you just need an Android device, any device, and very likely do not need cell service for it -- it should work fine over wifi. (Also almost all OTP apps are exchangable, so you could likely use DUO or Google Authenticator or AscendID)
posted by so fucking future at 8:52 AM on May 14 [2 favorites]

I'd guess that it uses the very standard OATH TOTP protocol standard to generate those codes (though this isn't guaranteed given what I see on the site). OATH TOTP uses a seed (or security code) and the time as inputs to an algorithm and spits out the code. OATH TOTP is used by basically every code generator out there, including Google Authenticator, Microsoft Authenticator, Duo Authenticator, etc. There's absolutely nothing special about the algorithm, though, that requires it to be on a smartphone--a desktop app will work exactly the same (the good part about standards).

Given that, you have 3 options:

1. Get a smartphone/device with mobile OS. This will make your IT team happy, but man that's a burden on you. Also, it's almost certain that the device will NOT need connectivity to generate those tokens, unless it's doing something else behind the scenes (like phoning home with location or something).

2. Find a desktop OATH TOTP code generator app. There are plenty out there, I don' t have any I can recommend directly. Cost is free if you have a PC.

3. Use a programmable physical token, like one from Yubico. Some tokens come with a seed pre-programmed--those won't work. But others let you input your own seed, which you'd get from whatever setup process you use with your app. This will be a little fiddly, so YMMV. These are pretty inexpensive, at very most $50 but likely less.

Option #1 is the safe one, but at least trying out #2 or #3, if you can make them work and assuming there's nothing hinky going on that truly requires the AscendId app, will be much less expensive.
posted by Special Agent Dale Cooper at 10:19 AM on May 14 [1 favorite]

Seems to me that if this is a work requirement and you have worked with IT on this, it is time for your Company to spring for a smartphone with minimal service for you. Ask your company to get you whatever device is the minimal amount of software, hardware, service so that you can work on their stuff with it.
posted by AugustWest at 10:45 AM on May 14 [5 favorites]

It is your company's IT department's job to find a solution and provide you with the necessary equipment to do your job from home, not yours. Push back on them trying to make it your problem.
posted by Jacqueline at 11:21 AM on May 14 [5 favorites]

An Android emulator on a computer should in fact work. Probably worth a try, anyway.
posted by kindall at 12:07 PM on May 14 [1 favorite]

Thank you, this has all been really helpful and given me the language to go back and discuss it with IT again. They have been able to switch me to email verification. I can't quite mark this as resolved yet because the organisation has another problem which is preventing users from logging in, but I am hopeful that as far as I can see it will work when that is sorted.

Thank you for the tips about WiFi-enabled devices and android emulators. Those are my next steps if this doesn't turn out to be resolved.

All your answers really helped me to understand this and to navigate the process - thanks so much.
posted by paduasoy at 4:30 AM on May 15 [1 favorite]

« Older White privilege? Something less benign?   |   Need to make online animation of business process... Newer »

You are not logged in, either login or create an account to post comments