Hi. I am a total newbie here, so please forgive any basic questions/assumptions.
My workplace uses extensive 2FA for most of its apps, meaning that I'm constantly hitting notifications on my phone all day long. This is a major annoyance.
It would bring me great satisfaction if I had a large button on my desk that I could hit in lieu of tapping the tiny notification on my phone each time it appears. To do so, I suppose I need to solve a series of smaller problems:
Finding a large button (assuming this is the easy part)
Getting the button to communicate with my phone (assuming this is harder)
Getting the button to then interact with a specific notification from a specific 2FA app (assuming this will be the hardest part by far)
I am certainly not looking for somebody to post a complete end-to-end solution; I'd just really appreciate some advice about whether this is even feasible or not before I spend too much time down various rabbit holes.
I don't think it's feasible either using Arduino or in any other way. Mostly because, as far as I know, 2FA apps are (should be) protected from "robot-clicking" to prevent "non humans" to do automated things, invalidating the added security.
Sorry.
I mean feasible in the most basic sense, i.e. is it even possible? It'd be a personal project, so in terms of time/cost it'd have to be something that I can realistically do in my spare time.
As you're saying that it's certainly possible, do you disagree with docdoc's point about 2FA applications disallowing that sort of interaction?
One possible implementation: a cradle for the phone, with camera, microphone and actuators. The camera looks at the phone screen, and the actuators can be moved to perform button or touch screen operation. Microphone can be used to listen for alerts.
That is perhaps not the solution you were thinking of, but I am sure it is technically possible.
I'm not an expert on 2FA systems, but I don't know that they prevent "robo-clicking". It would seem like a good idea though, otherwise an attacker could install an app (malware) on your phone which acknowledges the 2FA without your knowledge, thus bypassing the security.
However, I don't think a 2FA app can prevent a device external to the phone acknowledging the 2FA.
Well, I have never tried to do such kinda operation, but I work (also) for security companies, and I'm asking you, just to make an example, if Google Authenticator and RSA Authenticate both even prevent the user from doing a simple screenshot (an Android native system function), what makes you think they could be completely fooled by a software that simulates pressing a button on that application? Rest assured those who program security software don't do this nonsense, if they do it they could be fired (or the company isn't reliable).
Pretty clear that I'd have to build some kind of mechanical system that stimulated an actual finger rather than have any sort of purely software-driven solution that integrated with the OS. I'll just have to decide if that's a route I want to go down!