Issue
Zendesk Text does not receive verification messages for 2-factor authentication (2FA) or multi-factor authentication (MFA).
Resolution
By default, long code numbers cannot receive messages from short code numbers.
Avoid setting up a verification code to be sent to your Zendesk number. Since multiple agents would then have access to the security code, this could allow for a security breach. To resolve this issue, set up authentication messages to be sent to an individual agent's phone.
For more information, see this article: Using 2-factor authentication.
4 comments
Joe McCarthy
Hi Carl McDowell - thanks for this article - you mention that "by default, long code numbers cannot receive messages from short code numbers" but can this be adjusted in Zendesk settings somewhere? We receive short code numbers to our mobile phones (long code numbers) for other MFA services, so it must be possible, right?
0
Noly Maron Unson
Hi Joe,
Unfortunately, there is no setting that can enable this in Zendesk. I understand that this works outside of Zendesk but as stated in the article, it is not possible in Zendesk to avoid any security breach when receiving short codes like OTP and security codes.
Thank you.
0
Jack Ratner
Hi there,
Some platforms require posting a public business phone number, and require an OTP confirmation step to post that number. It would be great to be able to use our Zendesk support number as our publicly listed business number so that we can leverage our support team to respond to inquiries in a timely manner. Deliberately preventing the receipt of OTP codes to our Zendesk support number prevents what I believe to be a legitimate use case.
1
Vince Anido
Jack Ratner brings up a very important point. Google play is currently requiring organizations to verify their public number via an OTP. They require a phone number to be listed on the store and only provide an automated authentication loop that is sent via shortcode number.
I've been unable to get any codes OR automated calls with their system to get through our Zendesk number. To me this is a very large problem. Please consider a work around for this use-case. Perhaps an admin's cell phone as forwarding number for these messages? Time-windowed openings for single use?
There are ways to securely handle this and it will definitely be a bigger issue moving forward.
3