Build a “Google Authenticator” from a Landline with Vonage

Two-factor authentication (2FA) is a security feature that requires both a password and a one-time passcode generated by a mobile phone to access an account. However, 2FA can be problematic if the user loses or damages their mobile device. To address this issue, researchers have developed a system that allows users to access their 2FA passcodes remotely using a voice call. This system uses the Vonage Voice API to connect with a user's phone and read out the passcode when it is entered. The system can be deployed on various platforms, including local deployment with ngrok and Heroku. To use this system, users need to scan a QR code into their mobile device or other authenticator app, which generates a unique secret key that is used to authenticate the user. The system also requires a Vonage API account and a phone number to be set up. While the system has several benefits, including free HTTPS and easy deployment, it also has some limitations, such as requiring hardcoded secrets and lacking protection against brute-forcing.