Dalmatian Digest is a brief, occasional newsletter with practical, actionable operations tips for startup founders. You're on this initial list because I think you'll find it valuable. If you would like to be removed, just hit the "unsubscribe" link at the bottom here. If you have friends who might find this helpful, feel free to forward it on!
TL;DR Give you or your team secure access to accounts requiring phone-based MFA by setting up a Google Voice number that forwards authentication codes to email. This 10-minute solution eliminates the frustration of tracking down teammates just to get a login code.
Why Do You Need To Do This?
Multi-factor authentication (MFA) has become standard practice for securing important accounts. Beyond just a password, MFA requires a second verification method (such as your phone, e-mail, or an authentication app), making unauthorized access significantly more difficult.
Password managers like 1Password have made team security more manageable with built-in authentication code generators. These tools allow more secure sharing of login credentials and MFA tokens across your organization, solving much of the access problem.
However, many services are still stuck with SMS-based verification as the only option, sending codes directly to a specific phone number.
This can cause problems in a few scenarios:
If you’re in my favorite place to get work done (a cross-country flight), SMS won’t come through
If you’re trying to access an account that your team is sharing (budget, seat restrictions, etc), the code can only be accessed on one team member's personal device1.
The Solution: Set up a Google Voice number
Setup Google Voice, a cloud-based phone number, so that MFA codes sent via SMS are forwarded to your email.
Set up a Google Voice number:
Google Voice has different accounts you can choose from. For larger teams, we recommend setting up a business phone number, starting at $10/month. But for startups only sharing codes between a few team members, setting up a personal number on the free plan totally works! Signing up is simple:
Log into Google Voice and choose your desired plan
Select and verify your number
Enter the phone number where you want incoming calls to be forwarded
Enter the verification code
This links your personal phone number to your Google Voice phone number
Configure SMS forwarding to email:
In Google Voice, navigate to the gear icon in the top right corner
Navigate to Messages through the sidebar on the left side of the screen
In the first block on the screen check “forward messages to email”
Forward emails to a shared group:
If sharing access with people across your team, set up a Google Group and forward messages to the email. This way MFA codes can be accessed through one email address.
Open your primary Gmail inbox (the email you used to log into Google Voice)
Navigate to Gmail Settings and select the “forwarding and POP/IMAP” tab
Here you can click “Add a forwarding address” and add your Google Group email or individual address for who you want to forward MFA codes to
This will send verification links from Google to authorize each email
Type “from:text.voice.google.com” in the search bar
Click the filter icon on the right side of the search bar
Optionally, can also include a keyword search, like “verification” in the “Has the words” field to help forward only SMS codes
Select “Create Filter”
Check “Forward it”
Click Create Filter
Congratulations! You’ve now created a centralized authentication channel that you, or authorized team members, can access when needed. Use this as a last resort, when SMS-based authentication is the only option.
Dalmatian Digest is a brief, occasional newsletter with practical, actionable operations tips for startup founders.
If you would like to be removed, just hit the “unsubscribe” link at the bottom. f you have friends who might find this helpful, feel free to forward it on!
1 Nobody in Information Security yell at me for stating this very common reality. Sometimes, there’s no better option - this is advice for those situations, not blanket advice. That being said - please don’t share credentials for sensitive systems. Everyone should have their own access levels appropriately scoped with their own logins for those.
