Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1111
Views
5
Helpful
3
Replies

Daily SMS Code?

GNZ
Level 1
Level 1

‎06-15-2021 04:38 PM

Is it possible to send a daily SMS code at midnight that’s valid for 24hrs of use?

We have several services that could really use 2FA, but the operators of these services don’t want to install any new apps, a lot of them can’t due to company policy or simply having dumb phones.

It would be awesome if we could send users a daily code in the morning, that works for a day.

Labels:
0 Helpful
3 Replies 3

DuoPablo
Cisco Employee
Cisco Employee

‎06-15-2021 09:05 PM

Hi @GNZ ,

SMS passcodes are for one-time use only (1 code = 1 auth). Using the Duo Auth API’s /auth endpoint, you could script a daily request to send a batch of SMS passcodes to these users. If SMS Auto Refresh is enabled, said users could have a new batch sent automatically to them once the last code is used. Please see SMS Passcode Settings.

Having a singular code to use throughout the day is possible via Bypass Codes, but these are typically given out to the user administratively (not via SMS or email, at least natively) if the user does not have access to their 2FA device (phone).

If your application(s) can support it, Remembered Devices would be the best way to securely perform a long-lived secondary authentication.

Hope this helps!

GNZ
Level 1
Level 1
In response to DuoPablo

‎06-15-2021 09:30 PM

Our integration is primarily with Ericom Connect, which uses Duo’s RADIUS based authentication, so unfortunately remembered devices isn’t an option for us. The SMS integration is unsupported too as Ericom only contacts the RADIUS server AFTER user 2FA input. Duo isn’t aware someone is trying to log in until after they’ve already entered their code.

The batch codes could possibly work for us, I’ll see what the rest of the team think.

In a perfect world, we would use nothing but Push, but this isn’t a perfect world…

DuoKristina
Cisco Employee
Cisco Employee
In response to GNZ

‎06-17-2021 01:31 PM

With the Auth API, each POST to /auth requesting a new passcode would show up in your authentication logs as a user login. This could be potentially confusing to whomever reviews your logs for anomalous events.

It’s possible to use our Admin API to send SMS passcodes to user phone devices as well, with the advantage of getting logged as an administrative action event instead of as an end-user authentication event.

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents