Ask HN: Team now works remotely, what to do with office phone for 2FA?
12 points by sexy_seedbox on March 20, 2020 | 16 comments
Our team is working remotely now, we have an office mobile phone for two-factor authentication and some other calls. If somebody takes the phone home with them, then they have to be available to receive a call or an SMS if another person logs in to a service that requires two-factor verification. Are there software solutions for this problem? Ideally would like to leave the phone at the office and somehow every employee can remote in to the device to check for SMS.


Call forwarding can be used to forward voice calls to a Twilio (or similar) number that can then be accessed from the web.

SMS is a bit trickier:

* there are Android apps that claim to be able to sync messages with desktop computers (equivalent of Apple's seamless iMessage between iOS and macOS), so it might be worth putting the SIM in an Android phone and then giving these solutions a try.

* alternatively you can put the SIM in a mobile data dongle and talk to it using AT commands (it should present itself as a serial port) to get/send SMS. Make a little script around that, leave it on the machine and have your people SSH into it.

* if possible, port the number to Google Voice or similar.


> if possible, port the number to Google Voice or similar.

Don't port 2FA to any virtual phone number. Most sites accept those numbers but refuse to send any SMS to them, thereby locking you out of your account.


Are you sure you need to? Every 2FA login I have seen was designed for a single person. Perhaps instead of sharing password and 2FA between multiple people, you can create separate logins?


Are you sure you can afford to? A lot of the online services charge per user.

For example we reduced the number of users in our Salesforce instance to 1 user per department and this is saving us approx 30000EUR per year which for our small cash strapped startup is significant.


See if you can port the 2-factor authentication to use TOTP tokens (“google authenticator” or similar apps) instead. In that case you can simply distribute the QR codes to each employee via some trusted method (e.g. snail mail) and they can then load the app onto their phone and generate all the needed codes.


or set up your various TOTP in KeePassXC which is Free (and FOSS), set a very strong password and sync the database via Dropbox or others.
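
An added example, not part of any comment in this thread, of what the two TOTP suggestions above rely on: the QR code carries an `otpauth://` key URI, and every device or KeePassXC database holding that secret derives the same code from it and the clock (RFC 6238). The sample URI is constructed from the RFC 6238 test secret, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed sample: RFC 6238 test secret "12345678901234567890", base32-encoded.
SAMPLE_URI = ("otpauth://totp/ExampleCorp:shared-login?"
              "secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=ExampleCorp&digits=6&period=30")

def parse_otpauth(uri):
    """Return (key bytes, digits, period) from the key URI a QR code encodes."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # key URIs usually omit base32 padding
    digits = int(q.get("digits", ["6"])[0])
    period = int(q.get("period", ["30"])[0])
    return base64.b32decode(secret), digits, period

def totp(key, digits=6, period=30, at=None):
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncation."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(key, candidate, at=None, window=1, digits=6, period=30):
    """Server-side check that tolerates +/- `window` time steps of clock drift."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(key, digits, period, now + step * period), candidate)
        for step in range(-window, window + 1)
    )

if __name__ == "__main__":
    key, digits, period = parse_otpauth(SAMPLE_URI)
    # Two employees who loaded the same secret get identical codes, so the
    # service cannot tell them apart, and the secret must be stored and
    # distributed as carefully as the password itself.
    alice = totp(key, digits, period)
    bob = totp(key, digits, period)
    print(alice, bob, verify(key, alice))
```
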


A software solution might be Twilio. Just set up an SMS to email gateway with them.

That being said, a “shared” second factor is not a good idea and neither is the use of SMS as second factor. This is because an attacker could use a SIM swap attack or an SS7 attack. Also, you might lose your number for a reason outside of your control.

That being said, you might want to look into an Authenticator (OTP) app (Google, Authy, ...) or a hardware token like YubiKey for your needs.


Twilio numbers don't receive Short Code messages (the weird six digit phone numbers) which most 2FA messages come from.


I'd advise against a Twilio number, Support told me they can't handle Short Codes so it's very unreliable for SMS 2FA.

I was using an Android device, KDE Connect app and a Linux box to view 2FA messages. Works, but it's a string of hacks.

Hope some better solutions come up in this post.


You can use Duo for free for up to 10 users: https://duo.com/pricing/duo-free


For SMS you can use PushBullet which will forward all received SMS and notifications to your browser.


Switch to using personal accounts instead of having shared logins. That goes against all security best practices (and GDPR) also. Use this opportunity to bring your things in order.


This is the right answer, but it's a reality that accounts are very frequently shared, because of laziness, cost, or simply that the service doesn't have good (or any) support for multiple accounts.


Have you considered using Google Voice as a shared 2FA solution for your team?


I was going to say that. Google Voice or Project Fi is pretty good.


Switch to using Authy. End of thread.



