It turns out that after all, you don't need to use your cell phone for Two Factor Authentication (2FA) anymore. Which is great because this is one more thing I don't have to use my cell phone for. I actually found out that using a cell phone for 2FA is apparently bad and insecure, typically that is the normie way of using it anyway. And of course, we aren't just normies, so that is why I'm presenting a solution to this.
In fact, using the SMS protocol for any kind of 2FA should be avoided at all times. Using 2FA this way can leave you vulnerable and the accounts that you have set up to work with it as well. I highly suggest that those of you who are nevertheless currently using your cell phone or the SMS protocol for 2FA, should switch right now to a password manager or some other sort of authenticator app. Note that, these password managers don't have to be and shouldn't be cell phones applications because that too isn't all that secure. Just in general your phone isn't actually your phone, it is more of an illusion and yet these are the most personalized devices that people have presently; more on that in a later post.
On Arch Linux, pass
, is the password manager that I use and it has an installable module pass-otp
which serves the primary purpose of a 2FA on a regular cell phone, except that it doesn't require a cellular monitoring device or the services that come with one. You can use it directly from your computer instead.
Ditch that old way of using 2FA, and install this one. Let's say hypothetically I want to manage Coinbase with 2FA. On Coinbase's website, you have the option to add/change the authenticator app. Next, they'll give you a QR code which you can download (here I'm going to assume it's 'download.png'). Then, you can use zbar
(most likely you'll have to install this) to read the QR code image that was generated by the website and you can then pipe that into the pass
command.
zbarimg -q --raw download.png | pass otp insert coinbase
Now, you will get a 6-digit 2FA code, every time you run pass otp coinbase
. It will also generate another 6-digit 2FA code every few seconds, just like that of a regular cell phone 2FA application.
I sort of always knew about various ways of using 2FA on a computer, but I never bothered to use one, until I tried this. Once you know what you're doing, you can even start using this for API/scripting access on the various websites. It's always an advantage when you have one more thing to not have to use your cell phone for and when you're less reliant on one.
I'm planning on completely abandoning my cell phone, however, I still need to have access to the SMS protocol to receive text messages and calls. Ideally, I'd want to use my computer for receiving text messages without (1) a cell phone and (2) to have the ability to call. I have grown over the years more and more against the use of cell phones because of the direction in which they are heading. My problem is that majority of my classes for school require me to own one, which is practically the only reason I still own a cell phone. Why couldn't people just send messages to a normal cell phone number, but instead I can receive it on my computer without the actual use of a cell phone signal?