Frajedo

I’m young, lacking experience on the role. Previously, I was a DevOps engineer at the company (first 15-ish employee). Looking to take on the challenge and read inspiring and useful books.

I developed an internal web application allowing us to centrally manage our repositories configurations, pipelines and launch orchestrated deployments from GitHub as we were not able to do so in a straightforward way from the GitHub interface (we have around 50 microservices and I was in charge of releases).

I am wondering if other people around here have this kind of problems and if it might be worth to open source this project.

I've been reading for a while that in order to run automated E2E tests on web or mobile platforms the best approach was to either not test MFA flows or simply bypass them with the good old if(!prod){}.

So I decided to code this thing called GetMyMFA (https://get.mymfa.io).

What do you think about the topic? Is this actually a "problem" for you?

I have built https://get.mymfa.io and managed to get ~75 active paid customers but so far I have not been able to get in touch with any of them to efficiently gather feedback.

I have tried getting in touch either through generic and/or personalised emails asking them to book a 15 minute slot in their agendas but I haven't gotten many interesting responses so far (~2-3 users wished to share some feedback).

How do you manage to engage with your customers and make sure you can setup a quick call to chat with them? Is there a more efficient approach like a questionnaire and offering discounts if they reply ?

Thanks! :)

Hello HN,

What third party service would you recommend to have a smooth and visually attractive sign up process for users? The service should be able to submit the sign up elements to a webhook API (no sensitive info is shared at that point).

I am currently using Typeform for GetMyMFA (https://get.mymfa.io) but unfortunately there is a maximum of 10 monthly questions and paying 20 bucks per month for « only » 100 sign ups is definitely excessive.

Thanks in advance!

Hello HN!

I have built GetMyMFA (https://get.mymfa.io), a simple web application allowing individuals and businesses to simply rent and receive SMS Multi-Factor Authentication Codes.

This website has been built after our business had the need to test our mobile and web applications with multi-factor authentication through multiple users (thanks Quality Assurance team!).

Being a reader of HN and multiple entrepreneurship communities, I felt that building this product might be worth the effort as it is likely that other businesses have the same problematics as ours!

I am having a hard time defining a strategy to efficiently approach my target customers (small businesses & iOS Development companies). Currently, I am cold-messaging via LinkedIn CTOs of these companies but the approach doesn't feel very efficient.

This leaves me wondering the following two things:

1. Am I getting in touch with the actual target customers? What do you think would be the most efficient way to quickly validate or refute my hypothesis? 2. How would you efficiently contact startups and small businesses developing iOS applications and/or building their QA team?

Thanks a lot in advance

Trying to scale https://get.mymfa.io and I feel that companies that could benefit the most from the service would be: 1) small companies building a QA team (or outsourcing it) 2) startups (fintechs) getting ready to submit their app to the App Store with a Two-Factor Authentication mechanism.

I am having a hard time trying to figure out a channel to communicate efficiently to potential customers.

Thank you very much in advance for your time!

Hello there HN!

I just wanted to share with you a product I've been working on for a while. The product is called GetMyMfa and is accessible at https://get.mymfa.io. The objective of this project is to allow organizations to safely and easily share Multi-Factor Authentication codes for their Quality Assurance and Apple App Store review processes.

*Where the idea came from:*

I am currently working with multiple customers in the FSI domain (Financial Services Industry) and I am often required to perform tests in production and staging environments with multiple accounts. As production and staging accounts, these accounts are generally required to have at least an SMS 2FA system in place. When performing tests in such sensitive accounts, a single individual usually owns all phone numbers linked to these accounts and shares received MFA codes via a phone call with the various people performing tests in these accounts. I believe this represents a security concern and a bypass of the Multi-Factor Authentication principles.

In addition, when submitting iOS applications to the App Store, Apple performs a human review process in which they need to login to the application. When MFA is enforced for all production accounts, Apple rejects the application unless a way is implemented to allow them to login. This often leaves developers with two options: Develop a front-end only demonstration mode, or bypass the MFA mechanism for a specific account.

*Therefore, the project aims to:*

1. Allow organizations to rent virtual phone numbers and have their SMS MFA codes be displayed in a private web interface; 2. Organizations have fine-grained access control allowing them to control who can access their virtual phone numbers MFA Codes; 3. Access granting to virtual phone numbers can be time-based.

*On the security perspective, I aim to allow businesses to:*

1. Avoid spending time in building a security login "bypass" (and all the security issues that often come with it); 2. Avoid building a "demonstration" mode exclusively for Apple on their mobile applications; 3. Avoid using public websites with public phone numbers accessible to anyone.

What do you think? Would you use such product for your business in order to safely manage SMS Multi-Factor-Authentication sharing in production accounts? I would love hearing your feedback on the pros and cons you see about this product.

All the best