Query
Can Multi-Factor Authentication (MFA) be set up using an email address to receive authentication codes?
or
My workplace does not allow the use of personal mobile phones. What other options do I have?
Solution
No, your email address cannot be used to receive MFA codes due to security reasons. If someone can gain access to your email account, they would then be able to reset your password and get your MFA codes directly.
Alternatively, if you cannot or do not want to use a mobile phone, a few other authentication options that can be used include:
- USB tokens. An example is YubiKey. Plug in the YubiKey to a USB port enter the number displayed on screen.
- Desktop App. If you prefer to keep your MFA verification code generation separate from your browser, you can install a standalone desktop app such as winauth. See Multi-Factor Authentication (MFA) - How do I use WinAuth?
- Chrome Browser extensions. Using a Chrome extension will work on any device that runs the desktop version of the browser. Authenticator for Chrome, for example, works in Linux, on Google's Chromebook laptops, as well as on Mac and Windows PCs.
To set these up follow the instructions to set up MFA using an Authentication App.
The end of the process will ask you to enter your mobile phone number for recovery purposes to identify yourself. We do not send Text Messages to your phone for this purpose.
Note: with Multi-factor authentication (MFA), one factor is the device you want to log in with, and another factor is the device you use to generate codes. If you're generating codes on the same device you're logging in on (Desktop App or Chrome Extension), your account will not be as secure as one which uses a separate device.