Ask LH: Can I Use Two-Factor Authentication Overseas?

I want my email and the rest of my digital life to be secure, so I like the idea of two-factor authentication. The problem is I travel a lot. When I am in Europe or the US, I don't use my Australian phone because I don't want to pay for roaming, and because I may be away for months at a time.

Singapore picture from Shutterstock

I use a local SIM when away, and therefore won't get the SMS from Google. I use a tablet a lot too, so two-factor authentication with a USB key is only of limited use. So far I have left two-factor off, because I don't want to be locked out when overseas. What are my options? Thanks, Travelling Unsecured.

Dear TU,

As a fellow frequent traveler, I feel your pain. It’s especially annoying when online services take it upon themselves to enable two-factor authentication simply because your IP geolocation has changed. We once got locked out of our YouTube account during an overseas conference and had to scramble to upload the video through other means: an extra headache that we definitely didn't need.

Some online services provide alternative methods such as dedicated code generators. These are offline applications that grant the user a randomly generated access code — without the need for internet or SMS. Unfortunately, these solutions tend to be limited to specific services, such as online banking.

Some services also provide backup codes that can be entered when two-factor authentication isn't an option. These tend to be supplied only once during signup, so make sure you take note of it and keep it somewhere secure.

You can also change the phone number to that of a trusted friend or family member who lives locally, although we suspect this might strain the relationship somewhat if you're constantly requesting codes.

To be honest, none of the above solutions are perfect. As we've noted in the past, there's no easy way around this situation. It's basically one of the trade-offs you accept for a higher level of security.

We'd also like to hear from readers. If you've come across a solution to the above predicament, do let TU know in the comments section below.

Cheers Lifehacker

Got your own question you want to put to Lifehacker? Send it using our contact form.


Comments

    leave your phone plugged in at home and auto forward your SMSs to an email address, or to your overseas number.

    Most services that offer 2FA do so via a means other than SMS, the most common being one-time passwords (OTP) which are often referred to as 'Google Authenticator' or such, as they were the first really big player to start using them. If a service offers this then I'd use that in preference to SMSes. If you're and Android user then I highly recommend you use the app 'Authy' in preference to Google Authenticator - it offers syncing across devices so you can have it on tablet and phone etc. as well as cloud backup (don't worry - uploaded before encryption). It is far superior.

    If you're using a service which still only uses SMS for 2FA then let them know that this isn't acceptable. After much moaning I recently moved about 20 domains from NameCheap, my previous registrar, to NameSilo because they do 2FA with an app and NameCheap still mess around with SMSes. Friends have done the same. If enough people moan or vote with their feet companies will soon realise that good security is important to us and support the OTP process.

    Is Google's Authenticator app specifically linked to a sim/phone number?

      You can switch phones fairly easily so even if it is locked to sim/IMEA then it should be okay.

    Some online services don't require 2FA for login, but only for certain transactions - find out what these elevated transactions are before you leave, it can make things easier.

    Alternately, set up IFTTT to forward all your SMS to your email, and make sure you can access your email without SMS verification (Gmail does Authy/Authenticator 2FA, for instance).

    I find it hard to imagine not having an old phone, knocking around somewhere that you can slip your home SIM into so you can pick up SMS whilst travelling.

    No old Nokia get - one from Coles for $20?

    Wrong size SIM (iPhone user) - get an adaptor from eBay for $5?

    Don't want incoming calls - turn volume and vibrate off and don't answer them - be aware that calls diverted to voicemail that have actually rung overseas can cost heaps. Best set up all calls divert to voicemail before you leave.

    Want to receive calls - call forward to the local SIM the moment you know its number.

    Consider a call masking service like Romer for a short trip.

    I'm a year away and my SMS's come through on my AU mobile that sits on my desk - banking etc. sorted.

    My MVNO has fairly cheap calls and forwarding to where I am, so I'm in touch both ways.

Join the discussion!

Trending Stories Right Now