2FA Codes via E-Mail – here’s how

Two-factor authentication (2FA) most commonly works using one-time passwords – short codes that are often sent to the user by SMS. Each of these passwords can only be used once. For many areas this additional level of security is important or at least sensible, especially anywhere personal data or finances are involved.

For teams in which several members share certain accounts, it can make sense to receive the one-time password via e-mail. An e-mail is much faster and easier to forward than an SMS. In the worst case, two-factor codes are written on paper and carried from office to office by hand, which takes time and is highly insecure.

Forwarding by e-mail, which is then available to the relevant team members, is much more efficient. Here we explain how this works in the seven system.

  • Additional Security

    2FA adds an extra layer of security to your accounts. Protect user data and/or financial information beyond the level of just user name and password.

  • Recommended for everyone

    While it is possible to create virtually “uncrackable” passwords, if someone wants to get access to your accounts, they will find a way. While even multi-factor authentication cannot guarantee 100% security, it makes a hacker’s job that much harder.

  • ...especially shared accounts

    The more team members have access to an account, the less secure it is. By adding in 2FA, you regain at least some level of that lost protection.

What you need to forward 2FA codes via E-Mail

First you need an seven account – the setup is free of charge.

To receive your one-time passwords by e-mail, you will also need an inbound number. Due to the fact that virtual numbers generally do not accept SMS with alphanumeric sender IDs, we recommend that you set up a physical phone number.

Update November 2022: We now offer virtual numbers for some countries, which can receive SMS from alphanumeric senders. If you need such a number, please contact our support directly.

Then set up the forwarding of incoming messages by e-mail in your account under Settings -> Inbound SMS. If you now specify the corresponding phone number as the recipient for two-factor authentications, you will receive the one-time passwords by e-mail and can make them accessible to the team. Whether you use a shared E-Mail account or just forward the codes as needed is up to you.

Setting up Inbound SMS E-Mail

Is it really safe?

For security reasons, it should be noted that this method reduces the level of additional security through multi-factor protection. Furthermore, 2FA based on SMS codes is not exactly the safest thing to do in the first place. The problem lies generally in the sending of SMS messages via the mobile network. As TheVerge reported, it is quite easy for hackers to hijack messages to gain access to an account. We do understand however, that for various reasons more secure methods may not be an option. For example, although it is rare, some services only use SMS for 2FA. In other cases various team members may not work in the same office, building, city or even country, preventing the use of physical security keys. Forwarding login credentials may still be necessary in these teams.

If you want to be more secure, you should consider other options such as special apps or physical security key generators. However, these are again only available to one team member at a time. Since they often work with time-limited security codes, forwarding them by e-mail or SMS doesn’t make much sense. This may seem inconvenient for teams, but is definitely more secure.

Conclusion

Forwarding 2FA codes received by SMS via E-Mail may not be the safest application possible. Depending on your situation as a company or team, it may be the most sensible solution however. Obviously, strict adherence to compliance is always recommended, but in this scenario, it’s even more important. After all, the best protection against hackers and other forms of attack is caution. At seven, we’re happy to help you make your accounts a bit safer and providing the technical framework for team-friendly 2FA.

Best Regards
Your sms77 team

Header picture by BestForBest via iStock.com, edited.

Edited 11/14/22: Added info about virtual phone numbers that can receive SMS from alphanumeric senders.

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

This site uses Akismet to reduce spam. Learn how your comment data is processed.