Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

Hoa do you get around 2-step authentication in place with no cellphone signal?

Hoa do you get around 2-step authentication in place with no cellphone signal?

Old Feb 8, 20, 2:29 am
  #31  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 14,948
Originally Posted by LAXlocal View Post
I had this the other day and did have my phone handy ,

But what happens when you are overseas and that number does not work ?

Thats really one reason I do not use it , but sometimes the website uses 2 factor does and you have no way to do it.
Eh?? Being "overseas" has no impact on how the authentication works. As mentioned upthread, you can print off 10 single use authentication codes that you can use if you don't have your authentication device with you. Keep those in your wallet.
ajGoes likes this.
DYKWIA is offline  
Old Feb 8, 20, 7:57 am
  #32  
 
Join Date: May 2013
Posts: 878
Originally Posted by DYKWIA View Post
Eh?? Being "overseas" has no impact on how the authentication works. As mentioned upthread, you can print off 10 single use authentication codes that you can use if you don't have your authentication device with you. Keep those in your wallet.
Ok, the other day I logged into my AOL account and they wanted to send a Pin to my USA phone , and since I was in the USA , I had that phone and service where I was at ,
now if I tried to do this in Tahiti , the phone would not have service and I would be stuck .

Yes Google might give you a way out , but not all websites use Google ,
LAXlocal is offline  
Old Feb 8, 20, 8:29 am
  #33  
 
Join Date: Dec 2010
Location: Belgium
Posts: 821
The correct solution to entities that insist on SMS as the only second factor is not to do business with those entities. If I can't use e-mail or a code generator app, I'll use a competitor. My smallish hometown credit union in the Midwest supports SMS, e-mail and Google Authenticator. If they can do it, so can anyone else.

SIM-swap fraud is real, and it can often be accomplished with plain old social engineering, no dirty telco employee needed.

There's a reason that Google doesn't even allow SMS as a second factor for accounts with advanced protection enabled.
der_saeufer is offline  
Old Feb 8, 20, 10:17 am
  #34  
 
Join Date: Jun 2011
Location: I 35 south bound, finally stopped
Programs: AA EXP, LT Plt, 4mm, *A Silver, Free Agent
Posts: 1,166
I have the google Titan security key bundle sitting on my desk unopened. I am trying out the authenticator route before I go there again. Had an early Yubi key but sometimes I dont bring my keys internationally.
boerne is offline  
Old Feb 8, 20, 4:10 pm
  #35  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 14,948
Originally Posted by LAXlocal View Post
Ok, the other day I logged into my AOL account and they wanted to send a Pin to my USA phone , and since I was in the USA , I had that phone and service where I was at ,
now if I tried to do this in Tahiti , the phone would not have service and I would be stuck .

Yes Google might give you a way out , but not all websites use Google ,
OK - so nothing to do with Google / Gmail, which is what this thread is all about.
der_saeufer likes this.
DYKWIA is offline  
Old Feb 9, 20, 11:48 am
  #36  
 
Join Date: Jun 2011
Location: I 35 south bound, finally stopped
Programs: AA EXP, LT Plt, 4mm, *A Silver, Free Agent
Posts: 1,166
have alerted the Mods to consider changing the thread title to something more broad than gmail/google.
boerne is offline  
Old Feb 9, 20, 1:57 pm
  #37  
 
Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 6,563
Originally Posted by DYKWIA View Post
Eh?? Being "overseas" has no impact on how the authentication works. As mentioned upthread, you can print off 10 single use authentication codes that you can use if you don't have your authentication device with you. Keep those in your wallet.
Frankly, I've been using this type of 2FA for 25 years now and its works very well for travel and when one is going to be in either remote locations (maybe without cellular) or if one has to authenticate without a current 2FAD. I print 10-20 codes and put them in a small sheet in my wallet, and put the codes in a spreadsheet in my laptop in a spreadsheet with a password file. Make sure to cross them off after use.
nmenaker is offline  
Old Feb 9, 20, 8:24 pm
  #38  
FlyerTalk Evangelist
 
Join Date: Nov 2009
Location: Earth. Residency:HKG formerly:YYZ Business: ATL, PVG, PEK, CAN, SZX, MNL, SIN, KUL, BKK, SGN, CPT, UIO
Programs: CX, DL, Nexus/GE, APEC
Posts: 10,085
There are many secure authenticators that work not only with Gmail 2nd level but also many other web sign in. I am presently using Yubikey5 as I was invited to be part of the user experience team. I had to use a few phone app-based authenticators for most of my other web sign in as well as the google 10 number list that I encrypted my way.
tentseller is offline  
Old Feb 10, 20, 7:16 pm
  #39  
 
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 12,217
Still using 1password across all my devices. They've made it much easier to do the setup and use it over the years.

For example, there's a scanner pop-up in order to scan the QR code (you just position it over the qr code and release it) for a web page or you can just copy and paste the seed manually.

And the OTP is automatically copied to the clipboard when you fill in a sites login/password info using 1pw.

to answer the question from 5 years ago, the OTP is available on all your devices syncing and using the same vault.

If I wasn't entrenched in 1password, I'd probably use authy because it's able to sync all instances via the cloud.

-David
LIH Prem is offline  
Old Feb 11, 20, 6:37 am
  #40  
 
Join Date: May 2003
Location: Cleveland, OH
Programs: UA-GS 1MM), Hertz Pres Circle, Starriott Titanium)
Posts: 1,770
Originally Posted by LIH Prem View Post
Still using 1password across all my devices. They've made it much easier to do the setup and use it over the years.

For example, there's a scanner pop-up in order to scan the QR code (you just position it over the qr code and release it) for a web page or you can just copy and paste the seed manually.

And the OTP is automatically copied to the clipboard when you fill in a sites login/password info using 1pw.

to answer the question from 5 years ago, the OTP is available on all your devices syncing and using the same vault.

If I wasn't entrenched in 1password, I'd probably use authy because it's able to sync all instances via the cloud.

-David
I don't use 1Password for my multi-factor, but they are fantastic. I recently went from Bitwarden to 1Password for my password management. One reason, 1Password is currently the ONLY mainstream password manager to fully supports Yubikey NFC on both android AND iOS 13. This was YUGE for me.
LordHamster is offline  
Old Feb 17, 20, 11:28 pm
  #41  
 
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,088
Originally Posted by weltfrieden View Post
if my password is really long and complicated and I don't keep it in my wallet or written on the back of my phone or something, do I even need to bother with 2-step authentication?
"complicated" passwords have been debunked. Even the guy who originally came up with the UPPER/lower/12345/!#@$ = strong password now says he regrets it.
My current Amazon acct password is similar to this: (again, not my actual password)[email protected]@[email protected]"ng1e

I hate to break it to you, but every cracking program and rainbow table out there already knows to try 1 for l and @ for A/E/O when doing dictionary attacks.. Believe it or not, "thisisabadpassword" is just as secure. Long is good, but upper/lower/numeric/symbols don't make a hill of beans difference when I'm cracking hashes. The longer, the better.

These days, there aren't too many people just brute-force trying passwords. Any modern system has some sort of intrusion protection and will block IPs and/or lock out the account after a number of failed attempts to login. Stolen/leaked login credentials are what all the cool kids do these days. They're readily downloaded and most people reuse the same password on multiple sites. Want to see where your login info (and possibly more personal info) has been stolen/leaked, take a look over at: https://haveibeenpwned.com/

For the best security, DO NOT REUSE passwords. At the very least, make sure your banking (each financial institution) and e-mail passwords are only used once.

I'm not a fan of 2-factor authentication actually, especially due to how it's often implemented (SMS/e-mail). Both are easily hijacked/hacked. If I have access to someone's e-mail, then I suddenly have access to just about every account they have AND 2-factor confirmations.
KRSW is offline  
Old Feb 18, 20, 8:02 am
  #42  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 12,083
Originally Posted by KRSW View Post
"complicated" passwords have been debunked. Even the guy who originally came up with the UPPER/lower/12345/!#@$ = strong password now says he regrets it.

I hate to break it to you, but every cracking program and rainbow table out there already knows to try 1 for l and @ for A/E/O when doing dictionary attacks.. Believe it or not, "thisisabadpassword" is just as secure. Long is good, but upper/lower/numeric/symbols don't make a hill of beans difference when I'm cracking hashes. The longer, the better.

These days, there aren't too many people just brute-force trying passwords. Any modern system has some sort of intrusion protection and will block IPs and/or lock out the account after a number of failed attempts to login. Stolen/leaked login credentials are what all the cool kids do these days. They're readily downloaded and most people reuse the same password on multiple sites. Want to see where your login info (and possibly more personal info) has been stolen/leaked, take a look over at: https://haveibeenpwned.com/

For the best security, DO NOT REUSE passwords. At the very least, make sure your banking (each financial institution) and e-mail passwords are only used once.

I'm not a fan of 2-factor authentication actually, especially due to how it's often implemented (SMS/e-mail). Both are easily hijacked/hacked. If I have access to someone's e-mail, then I suddenly have access to just about every account they have AND 2-factor confirmations.
Ultimately, the best solution is random, long passwords unique to each site. Use a password manager. Enable 2FA on sites that support it. People like to pooh-pooh SMS 2FA but for the vast majority of us it's fine. If you have specifically elevated security needs then it is not a good solution. I use Authy or Yubikey everywhere they are supported and SMS elsewhere.

As to the concern about someone pwning your email account, that's perfectly valid. The solution is to use a unique password on your email and enable non-SMS 2FA. Or, as Andrew Carnegie said, "Put all your eggs in one basket and WATCH THAT BASKET!"
gfunkdave is offline  
Old Feb 18, 20, 8:19 am
  #43  
 
Join Date: Aug 2010
Location: RDU
Programs: Marriott Platinum. AA and UA as well, but I don't care about them anymore.
Posts: 219
Originally Posted by weltfrieden View Post
yes, wifi works, but without any cellphone signal on my Verizon and AT&T phones, I couldn't do the 2-step. I had cleared the browsing history on my laptop the day before, so when I connected to the hotel's wifi, Gmail asked me to verify by typing in the code that I get via SMS. I ended up driving the 20 miles until I was able to pick up 1 bar of Verizon signal and received the SMS. I used hotspot on my phone and typed the code into my laptop. Then drove the 20 miles back to the hotel.
Since you're talking about GMail, you can use Google Authenticator to generate OTPs rather than using the SMS method.

I have four different gmail accounts, one uses my corporate SSO, and the rest simply ask for an OTP that is generated by Google Authenticator. Alternatively, use a Yubikey. That's how I did GMail 2FA until my beloved nearly 10 year old Yubikey finally took the celestial dirt nap.
Dread Pirate Jeff is offline  

Thread Tools
Search this Thread
Search Engine: