Forum Discussion
MFA without a Cellphone
We're an agricultural manufacturer in North Dakota and I am the entire IT department here. I started getting these same warnings 5 days ago, so Security Defaults are going to be turned on in 10 days. I'm freaking out because we have people working here who don't even HAVE cell phone, and sales reps in the US and Canada. I'm fine if Security Defaults automatically configures to NOT prompt for MFA for anyone on-site (on the local network), but what about my sales reps? By the way, one of my sales reps has a old-school "feature" phone (aka not a smartphone) and is one of the guys who hates new technology.
Something tells me I'm between a rock and a hard place: Either I deal with the ridiculous fallout of forced MFA, or I pay extra to enable Conditional Access and simply turn off MFA across the board. UGH.
I used a Token2 physical token (from a company in Switzerland) that essentially mimics a secondary Auth App (like google authenticator). When prompted for 2FA, you select alternate authenticator, you scan the QR code into their app, hold the token close to your cell phone and it basically transfers hash to the physical token. We did not have to upgrade our Azure accts to P1 or P2 because to Azure, you are using Google Authenticator and the like. Worked great for a user on the floor who didn't have a desk phone for office phone auth, and we don't allow cell phones on the production floor. Was quick and easy. You can Google Token2. There is at least one party who has them on Amazon.
Only issue is when the user is prompted, it tells them to put in their Auth App code. You just explain to them that it is asking for the number on the token, not something on their phone.
tfrain luvsql saucyknave Kidd_Ip it-lett why has noone suggested Authy? Works like a charm for me.
I have not considered Authy. A quick search turns up:
https://usa.kaspersky.com/blog/2fa-practical-guide/16398/
"The main disadvantage of Authy is that it requires you to set up an account linked to a mobile phone number — otherwise it won't work at all."
Since this particular thread is "MFA without a Cellphone" that is probably a non-starter.
