32

It's been about 10 years since I've traveled out of the US. In that time, it's become more and more common for various services (including basic things like email) to (randomly or systematically) force you to verify yourself via a text message.

When I'm in the US, this is just an annoyance, but I'm wondering if it could be more of a problem when traveling abroad. I have the TMobile "Walmart plan" and have seen mixed information on whether it offers international roaming: some sources say no, some say there is international texting but not voice/data, and some say there is international texting but only when on wifi.

Suppose I'm going to be taking a trip abroad. I can get some kind of international SIM card, but that won't allow me to receive verification texts sent to my US phone number. I want to avoid uncomfortable situations like being locked out of my email or other important logins because I'm unable to verify via text message. Is there any reliable solution to ensure I can receive text messages to my US number no matter where in the world I am (assuming I can get cell phone signal)? Are there solutions that work for some countries but not others?

Edit: I appreciate the remarks about TOTP, and I do have that for a couple things (like my bank app). However, that requires a separate configuration change for every app or service. I'm more interested in a "drop in" solution that doesn't require me to separately configure every service I want to be able to access from abroad.

Improve this question
15
  • 13
    Enable app TOTP (Google Authenticator) for the most amount of accounts possible (it's more secure and more convenient)
    – Nicolas Formichella
    Commented Jun 9, 2023 at 4:33
  • 1
    Whether roaming works properly also depends on your phone. That could account for the conflicting reports: Even if your operator does support roaming, some people might encounter issues because their phone doesn't support the right frequency bands for their destination.
    – Relaxed
    Commented Jun 9, 2023 at 5:48
  • 4
    @phoog Disagree... having a fully offline capable vault with all your accounts is more convenient than waiting for email/SMS/Phone Call
    – Nicolas Formichella
    Commented Jun 9, 2023 at 7:00
  • 2
    @phoog Sure, that would be the most convenient, but that's beside the point. I am talking about 2FA methods
    – Nicolas Formichella
    Commented Jun 9, 2023 at 9:16
  • 2
    @shoover Different frequencies, even. But modern phones are usually capable of working in multiple regions since this is easier for the company selling the phones.
    – Mast
    Commented Jun 10, 2023 at 6:04

7 Answers 7

Reset to default
27

You are right to be worried: text message (SMS) delivery is best effort only. When traveling internationally, they are all too frequently delivered late or never, and there is really no way around this because the protocol itself does not guarantee delivery.

The best option is to switch your second factor to an alternative method that does not rely on the phone network. Time-based One Time Passwords (TOTP) from free apps like Authy or Google Authenticator are common and supported by lots of popular apps like Gmail, Instagram/Facebook, PayPal, etc. Most banks also support alternatives to SMS, often through their own apps or sometimes via physical tokens, although these are a hassle and increasingly going away.

Improve this answer
12
  • 4
    "when traveling internationally": and sometimes when not traveling at all.
    – phoog
    Commented Jun 9, 2023 at 7:23
  • 9
    Unfortunately, many services don't allow anything other than SMS-based 2FA. Many Indian services (and even banks) don't at least, from my experience.
    – Leaderboard
    Commented Jun 9, 2023 at 8:40
  • 1
    Great answer. I'd include a note that TOTP does not require connectivity, and that you must back up the recovery code given during setup.
    – BoppreH
    Commented Jun 9, 2023 at 15:18
  • 1
    @AaronF You use the recovery codes you've hopefully stored somewhere to set up your authenticator on another device.
    – lambshaanxy
    Commented Jun 10, 2023 at 7:01
  • 2
    1-5% lost might be bad for seeing a message from a friend but for 2FA it’s not a problem as you just request a new code. I guess my point is that your post might be unnecessarily scaring people.
    – JonathanReez
    Commented Jun 12, 2023 at 4:39
11

You have a few options, ordered from most desirable to least:

  1. Switch from SMS to Time-based One Time Passwords (TOTP) apps, as mentioned in the other answer. The codes are generated offline in your device, so you don't even need internet connectivity. Important: when setting up TOTP for the first time with a service, you'll be presented with a backup code. Save it somewhere safe, you'll need it if you lose access to your device. Alternatively, you can save the QR code presented during setup.
  2. Really, try TOTP first.
  3. Switch from SMS to hardware keys like YubiKey, if the service supports it. Costs money and is not widely supported, but it's more secure and also available regardless of connectivity.
  4. Set your phone number to the one from your new international SIM card. Important: not all services accept international numbers.
  5. The next options are last-resort, avoid them if possible.
  6. Set your phone number to a voice-over-internet-protocol (VoIP) number, like Google Voice. You can then forward messages to your international SIM card, or read them from the app (depending on provider). Important: some services won't send 2FA SMS messages to VoIP numbers.
  7. Set your phone number to a trusted friend's in the US, then call/message them as needed.
  8. Leave your US SIM card with a trusted friend in the US, then call/message them as needed.

Relying on a friend's availability is tricky, especially over large time zone differences. And be mindful of phishing attacks; make it explicit that you'll call/message them each time you need a code, that they should only forward the messages to you, and to otherwise ignore any messages about that service.

And do a test run first, preferably still at home. If you can test with a VPN from the target country, even better. Security measures change depending on risk factors, and the service might be more stringent if it's your first connection from that country.

Improve this answer
7
  • 1
    As such a comprehensive list I feel like it's missing the (obvious?) solution: put the SIM card into an LTE router (I'm usually using Mikrotik or Teltonika) and access it over the internet (preferably through a VPN like Zerotier). Of course this requires a bit of IT knowledge to do it securely.
    – AndreKR
    Commented Jun 9, 2023 at 15:51
  • @AndreKR I've never used an LTE router, I didn't know you can see SMS messages. But I don't think this solution wins in either price or simplicity, so I'd be hesitant to suggest it.
    – BoppreH
    Commented Jun 9, 2023 at 16:14
  • @AndreKR that means leaving the sim card at home, then?
    – njzk2
    Commented Jun 9, 2023 at 22:39
  • @njzk2 Yes, it does. (Unless you have a plan with multiple SIM cards, which doesn't apply to OP.)
    – AndreKR
    Commented Jun 10, 2023 at 15:39
  • 1
    I really like #8 as a relatively painless and foolproof backup plan.
    – Wowfunhappy
    Commented Jun 11, 2023 at 14:01
8

My answer sounds like a product pitch but it's not intend as such other than "it actually works". I have no affiliation with or financial interest in T-Mobile.

We use a T-Mobile plan in the US which comes with free data and texting in 100+ countries and is competitively priced. No need for the ridiculous fees that Verzion, AT&T etc charge for international service (which is typically something crazy like $10/day).

We've used it in over 30 countries so far and never had an issue. It's on the slow side, but coverage is good and it's certainly fast enough for authorization, Google Maps, and WhatsApp.

The phone works immediately when you enter a new country. You don't have to do anything and there is no need for a SIM card or a local phone number.

Improve this answer
2
  • +1. Except for places with a very poor coverage, SMS delivery never had been a problem for me (I had to request code twice sometimes, but it happens domestically too) with a cheapest US plan I had a couple years ago, even without a data plan or any other international addons. TOTP is better in general, though.
    – aland
    Commented Jun 12, 2023 at 9:37
  • +1 This has been our experience also - wife has TMobile, I have Verizon. Every time we travel outside of NA she has calls/texts/data as soon as she connects to a network. I use wifi only and we set everything to go through her phone (she also gets hotspot so that helps for any service we need that isn't connected to her phone). It's slow, but we get all the notifications we need
    – Midavalo
    Commented Jun 13, 2023 at 21:12
5

Not going to rehash what has already been said, but just a few specific points:

  • If you will be connecting from abroad, your IP address of the moment will reflect the fact that you're abroad. So that means the risk of triggering "security checks" goes up. As an example, years ago I logged in to Paypal from Portugal, just to check my balance, and they blocked my account. Of course this is Paypal but this is a taste of situations that can arise when your browsing patterns change all of sudden.
  • I too strongly recommend to ditch SMS and use TOTP whenever possible. My password manager (KeepassXC) does that, so no need to depend on Google or some third party authenticator. And it does form autocomplete too (convenience).
  • SMS delivery is unreliable in general and not guaranteed when it involves roaming abroad
  • Verify that your phone model is fit for use in the target country: frequency bands vary from one country/continent to another
  • Regardless of what people are saying on the Internet, verify your current contract with Tmobile/Walmart - it may require adjustments to enable roaming abroad.
  • I understand that having to reconfigure every service may be tedious. But assume the worst and start with the services that are the most critical to you, for example E-mail. Perhaps you usually connect through a web interface where 2FA can kick in but what about POP/IMAP access?

To address the suggestions from @BoppreH:

  • Using a virtual number (VOIP) for SMS verification is a good idea but that too requires reconfiguring your services. And paying for an extra number you will only need sporadically. The problem (and irony) is that the supplier (Google or other) may itself trigger 2FA before granting access. So make sure it won't be SMS, or you can choose among different options. A lot of people depend on Google for many things like E-mail. Being locked out of Google amounts to disaster so I recommend to minimize dependence on Google as much as you can. Having a single point of failure is risky.
  • Using a VPN before you leave is also a strategy so that your providers "get used" to your newly-reported location. 2FA may kick in on first use, but you'll be able to handle that while you're still in the US. Downside: you'll pay for this, and this not a silver bullet. Actually, IP address blocks that are known to belong to VPN providers can be deemed more risky, because there is a percentage of users who are up to no good, trying to conceal their true location to carry out objectionable activity.

Note: many services look at the device fingerprint - if they notice a change, you may have to prove it's you. So if you try to access your services from a "new" device - and what's more, from abroad - expect additional verifications.

Improve this answer
1
  • Using a VPN before you leave is also a strategy so that your providers "get used" to your newly-reported location => maybe this was necessary a decade ago but nowadays everything works fine even if you connect from a nation on the other side of the world all of a sudden. I've only needed to use a VPN if the website I need is blocked from non-US IP addresses.
    – JonathanReez
    Commented Jun 11, 2023 at 11:03
3

Newer phones have "Wifi calling". Like the name implies, it lets your phone operates normally using Wi-Fi instead of cellular connection. My phone, Samsung A13 5G has it. It also has dual SIM slots, so I can use both my US and local SIM.

I never had any issues with 2FA when I was in Asia for almost 2 months. But having 2 SIMs did confuse some of the apps I installed (they checked for local phone numbers). So, I needed to disable one of the SIMs. And many times, I forgot to re-enable it. Lol.

Improve this answer
4
  • 1
    While this may work in a technical sense, its real-world usefulness is limited. Whatever transaction or access is being "confirmed" by the SMS link must be responded-to by the user promptly upon the account institution's sending the SMS code. Always being logged-in to a local wifi network (while shopping, etc) may not be easy or even possible.
    – DavidRecallsMonica
    Commented Jun 9, 2023 at 17:50
  • This is a data sample of 1, which is myself. And I don't think it's wise anyway to rely one just one thing. Not every country have easier access to obtain local SIM vs getting on the WiFI. In Indonesia for example, you actually have to register your phone's IMEI in order to use any of their cellular data. Otherwise, local SIM won't even work on your foreign phone.
    – Jose Mulia
    Commented Jun 9, 2023 at 22:07
  • @JoseMulia you can sidestep local IMEI registration schenanigans entirely by purchasing a travel SIM or an eSIM before you leave. They're extremely cost competitive now and can be activated before you travel.
    – JonathanReez
    Commented Jun 11, 2023 at 11:05
  • My phone doesn't support eSim and the IMEI of the phone is still need to be registered. Indonesia has only one cell company and it's a government entity. I was at the phone store in Lombok. And the registration is all still being done manually. What they did was they talked with the registration people through a special Whatsapp chat group, giving my info, passport, etc. Also, many phone stores in Bali and Lombok understand how to do it. Not the case in Jakarta, you need to get it done in the airport right away. And you're probably out of luck if you're outside those areas.
    – Jose Mulia
    Commented Jun 11, 2023 at 17:23
3

Try services that let you access SMS remotely

(Note: I'm an Indian, and my experience is with Indian and Japanese mobile providers [and to some extent travelling in the US], but I think this should work well enough in any combination of countries in which you can access the internet and Google services work fine.)

In the past, I have had some luck using the web interface of Google Messages (https://messages.google.com/web/) for accessing messages from an Indian SIM that I left behind on which I would get OTPs from Indian banks (none of the five banks I have had experience with support TOTP apps). To do this:

  1. You need to authenticate the browser you're using with the phone in advance.

    • However, this is done using a QR code, so if you have someone you trust that can unlock the phone for you, then you can authenticate while you're already travelling, and the trusted person only needs to be available for the authentication, not whenever you need OTPs.
    • This can be a browser on another mobile device. I have used Firefox for Android without problems.

  2. The phone must be powered on and have internet connectivity.

    • I used a spare, old phone, keeping it plugged into a charger and at home.
    • I think that if the phone reboots, it might need to be unlocked, but I'm not sure about that.

  3. The browser needs to be re-authenticated periodically (every two weeks, IIRC).

    • If you're travelling for more than that, you could set up an agreed-upon time with a trusted person to unlock the device and forward the QR code to the device.

Provided you set it up in advance, this can work without the involvement of anybody else for up to two weeks. Any longer or if you are already travelling, you'll need somebody's help.

With iPhones, I think messages can synced with a Macbook or similar Apple devices over iCloud. That might be an option if you're in the Apple ecosystem.

Improve this answer
1
  • The iCloud for Messages page seems to suggest that Text Forwarding should be updated separately for SMS support, but that feature only works via Continuity, which requires being nearby (Bluetooth) and/or on the same wifi network. If this actually worked across the globe it would be a great option, assuming you could buy a cheap/broken iOS device just for this purpose.
    – fregante
    Commented Jun 14, 2023 at 18:22
2

Not an American, but from my experience there's no problem receiving SMS abroad.

When traveling abroad with no roaming plan, you can't make it receive calls, and you can't send text messages, but incoming text messages simply work, at no charge.

I never experienced significant delay also.

This of course requires keeping your home SIM card in your phone. That's no problem of your phone supports dual DIM or eSIM. Of not, you may want to take an extra phone for the stole purpose of receiving SMS.

Of course, I can't guarantee that it would work for you. Having a plan B is anyways good.

Improve this answer
1
  • I think it varies by country/operator. My Italian SIM card has faithfully received SMS in a dozen countries, whereas other SIMs like from the Philippines just show “No service” when abroad.
    – fregante
    Commented Jun 14, 2023 at 18:26

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .