{"id":16566,"date":"2019-11-27T15:03:56","date_gmt":"2019-11-27T14:03:56","guid":{"rendered":"https:\/\/www.sms77.io\/?p=16566"},"modified":"2024-07-03T14:33:27","modified_gmt":"2024-07-03T12:33:27","slug":"2fa-codes-via-e-mail-heres-how","status":"publish","type":"post","link":"https:\/\/www.seven.io\/en\/blog\/2fa-codes-via-e-mail-heres-how\/","title":{"rendered":"2FA Codes via E-Mail &#8211; here&#8217;s how"},"content":{"rendered":"<section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><p><strong><a href=\"https:\/\/seven.io\/en\/solutions\/application-areas\/two-factor-authentication\/\" rel=\"noopener\">Two-factor authentication<\/a> (2FA) most commonly works using one-time passwords &#8211; short codes that are often sent to the user by SMS. Each of these passwords can only be used once. For many areas this additional level of security is important or at least sensible, especially anywhere personal data or finances are involved.<\/strong><\/p>\n<p>For teams in which several members share certain accounts, it can make sense to receive the one-time password via e-mail. An e-mail is much faster and easier to forward than an SMS. In the worst case, two-factor codes are written on paper and carried from office to office by hand, which takes time and is highly insecure.<\/p>\n<p>Forwarding by <strong>e-mail<\/strong>, which is then available to the relevant team members, is much more efficient. Here we explain how this works in the seven system.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small color_alternate\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"smile_icon_list_wrap ult_info_list_container ult-adjust-bottom-margin  \"><ul class=\"smile_icon_list left square with_bg\"><li class=\"icon_list_item\" style=\" font-size:72px;\"><div class=\"icon_list_icon\" data-animation=\"\" data-animation-delay=\"03\" style=\"font-size:24px;border-width:1px;border-style:none;background:#ffffff;color:#00d488;border-color:#333333;\"><i class=\"Defaults-user-secret\" ><\/i><\/div><div class=\"icon_description\" id=\"Info-list-wrap-9123\" style=\"font-size:24px;\"><h3 class=\"ult-responsive info-list-heading\"  data-ultimate-target='#Info-list-wrap-9123 h3'  data-responsive-json-new='{\"font-size\":\"desktop:16px;\",\"line-height\":\"desktop:24px;\"}'  style=\"\">Additional Security<\/h3><div class=\"icon_description_text ult-responsive\"  data-ultimate-target='#Info-list-wrap-9123 .icon_description_text'  data-responsive-json-new='{\"font-size\":\"desktop:13px;\",\"line-height\":\"desktop:18px;\"}'  style=\"\"><p>2FA adds an <strong>extra layer of security<\/strong> to your accounts. Protect user data and\/or financial information beyond the level of just user name and password.<\/p>\n<\/div><\/div><div class=\"icon_list_connector\"  style=\"border-right-width: 1px;border-right-style: dashed;border-color: #333333;\"><\/div><\/li><li class=\"icon_list_item\" style=\" font-size:72px;\"><div class=\"icon_list_icon\" data-animation=\"\" data-animation-delay=\"03\" style=\"font-size:24px;border-width:1px;border-style:none;background:#ffffff;color:#00d488;border-color:#333333;\"><i class=\"Defaults-check-square-o\" ><\/i><\/div><div class=\"icon_description\" id=\"Info-list-wrap-5730\" style=\"font-size:24px;\"><h3 class=\"ult-responsive info-list-heading\"  data-ultimate-target='#Info-list-wrap-5730 h3'  data-responsive-json-new='{\"font-size\":\"desktop:16px;\",\"line-height\":\"desktop:24px;\"}'  style=\"\">Recommended for everyone<\/h3><div class=\"icon_description_text ult-responsive\"  data-ultimate-target='#Info-list-wrap-5730 .icon_description_text'  data-responsive-json-new='{\"font-size\":\"desktop:13px;\",\"line-height\":\"desktop:18px;\"}'  style=\"\"><p>While it is possible to create virtually &#8220;uncrackable&#8221; passwords, if someone <em>wants<\/em> to get access to your accounts, they will <strong>find a way<\/strong>. While even multi-factor authentication cannot guarantee 100% security, it makes a hacker&#8217;s job <strong>that much harder<\/strong>.<\/p>\n<\/div><\/div><div class=\"icon_list_connector\"  style=\"border-right-width: 1px;border-right-style: dashed;border-color: #333333;\"><\/div><\/li><li class=\"icon_list_item\" style=\" font-size:72px;\"><div class=\"icon_list_icon\" data-animation=\"\" data-animation-delay=\"03\" style=\"font-size:24px;border-width:1px;border-style:none;background:#ffffff;color:#00d488;border-color:#333333;\"><i class=\"Defaults-group users\" ><\/i><\/div><div class=\"icon_description\" id=\"Info-list-wrap-6839\" style=\"font-size:24px;\"><h3 class=\"ult-responsive info-list-heading\"  data-ultimate-target='#Info-list-wrap-6839 h3'  data-responsive-json-new='{\"font-size\":\"desktop:16px;\",\"line-height\":\"desktop:24px;\"}'  style=\"\">...especially shared accounts<\/h3><div class=\"icon_description_text ult-responsive\"  data-ultimate-target='#Info-list-wrap-6839 .icon_description_text'  data-responsive-json-new='{\"font-size\":\"desktop:13px;\",\"line-height\":\"desktop:18px;\"}'  style=\"\"><p>The more team members have access to an account, the <strong>less secure<\/strong> it is. By adding in 2FA, you regain at least some level of that lost protection.<\/p>\n<\/div><\/div><div class=\"icon_list_connector\"  style=\"border-right-width: 1px;border-right-style: dashed;border-color: #333333;\"><\/div><\/li><\/ul><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><h2>What you need to forward 2FA codes via E-Mail<\/h2>\n<p>First you need an <strong>seven account<\/strong>\u00a0&#8211; the setup is free of charge.<\/p>\n<p>To receive your one-time passwords by e-mail, you will also need an <a href=\"https:\/\/seven.io\/en\/products\/inbound-sms\/\" rel=\"noopener\">inbound number<\/a>. Please make sure that you pick a number that is labelled with A2P, because only those are able to receive SMS by alphanumerical senders.<\/p>\n<p>Then set up the forwarding of incoming messages by e-mail in your account under <strong>Settings -&gt; Inbound SMS<\/strong>. If you now specify the corresponding phone number as the recipient for two-factor authentications, you will receive the one-time passwords by e-mail and can make them accessible to the team. Whether you use a <strong>shared E-Mail account<\/strong> or just forward the codes as needed is up to you.<\/p>\n<\/div><\/div><div class=\"w-separator size_medium\"><\/div><div class=\"w-image align_center\"><div class=\"w-image-h\"><img decoding=\"async\" width=\"1024\" height=\"621\" src=\"https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-1024x621.png\" class=\"attachment-large size-large\" alt=\"Setting up Inbound SMS E-Mail\" loading=\"lazy\" srcset=\"https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-1024x621.png 1024w, https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-300x182.png 300w, https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-1536x931.png 1536w, https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-2048x1242.png 2048w, https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-600x364.png 600w, https:\/\/www.seven.io\/wp-content\/uploads\/Setting-up-the-Inbound-SMS-E-Mail-1-768x466.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><h2>Is it really safe?<\/h2>\n<p>For security reasons, it should be noted that this method reduces the level of additional security through multi-factor protection. Furthermore, 2FA based on SMS codes is not exactly the safest thing to do in the first place. The problem lies generally in the sending of SMS messages via the mobile network. <a href=\"https:\/\/www.theverge.com\/2017\/9\/18\/16328172\/sms-two-factor-authentication-hack-password-bitcoin\" target=\"_blank\" rel=\"noopener noreferrer\">As TheVerge reported<\/a>, it is <strong>quite easy<\/strong> for hackers to hijack messages to gain access to an account.\u00a0We do understand however, that for various reasons more secure methods may <strong>not be an option<\/strong>. For example, although it is rare, some services only use SMS for 2FA. In other cases various team members may not work in the same office, building, city or even country, preventing the use of physical security keys. Forwarding login credentials may still be necessary in these teams.<\/p>\n<p>If you want to be more secure, you should consider <strong>other options<\/strong> such as <strong>special apps<\/strong> or <strong>physical security key<\/strong> generators. However, these are again only available to one team member at a time. Since they often work with time-limited security codes, forwarding them by e-mail or SMS doesn&#8217;t make much sense. This may seem inconvenient for teams, but is definitely <strong>more secure<\/strong>.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><h2>Conclusion<\/h2>\n<p>Forwarding 2FA codes received by SMS via E-Mail may not be the <strong>safest application<\/strong> possible. Depending on your situation as a company or team, it may be the <strong>most sensible solution<\/strong> however. Obviously, strict adherence to compliance is always recommended, but in this scenario, it&#8217;s <strong>even more important<\/strong>. After all, the best protection against hackers and other forms of attack is caution. At seven, we&#8217;re happy to help you make your accounts a bit safer and providing the technical framework for <strong>team-friendly 2FA<\/strong>.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"w-separator size_medium with_line width_default thick_1 style_solid color_border align_center with_text with_content\"><div class=\"w-separator-h\"><h6 class=\"w-separator-text\"><span>Best Regards<\/span><\/h6><\/div><\/div><div class=\"w-image align_center\"><div class=\"w-image-h\"><img decoding=\"async\" width=\"289\" height=\"38\" src=\"https:\/\/www.seven.io\/wp-content\/uploads\/2017\/07\/unterschrift-1.png\" class=\"attachment-full size-full\" alt=\"Your sms77 team\" loading=\"lazy\" \/><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><p style=\"text-align: center;\"><i data-stringify-type=\"italic\">Header picture by BestForBest via\u00a0<\/i><i data-stringify-type=\"italic\">iStock.com, edited.<\/i><\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section><section class=\"l-section wpb_row height_small\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_flex valign_top type_default stacking_default\"><div class=\"vc_col-sm-12 wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><p><strong>Edited 11\/14\/22:<\/strong> Added info about virtual phone numbers that can receive SMS from alphanumeric senders.<\/p>\n<p><strong>Edited 07\/03\/24:<\/strong> Replaced info on virtual phone numbers with the info to get an A2P number.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section>\n","protected":false},"excerpt":{"rendered":"Two-factor authentication (2FA) most commonly works using one-time passwords &#8211; short codes that are often sent to the user by SMS. Each of these passwords can only be used once. For many areas this additional level of security is important or at least sensible, especially anywhere personal data or finances are involved. For teams in...","protected":false},"author":1,"featured_media":16613,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[405],"tags":[419,308,418,420],"class_list":["post-16566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy-security-en","tag-2fa-en","tag-data-protection","tag-security","tag-sms2e-mail-en"],"_links":{"self":[{"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/posts\/16566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/comments?post=16566"}],"version-history":[{"count":35,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/posts\/16566\/revisions"}],"predecessor-version":[{"id":92949,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/posts\/16566\/revisions\/92949"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/media\/16613"}],"wp:attachment":[{"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/media?parent=16566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/categories?post=16566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.seven.io\/en\/wp-json\/wp\/v2\/tags?post=16566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}