Early Retirement Extreme Forums

Two-step verification is becoming more and more mandatory. I don't have a cellphone and would rather not have to get one just so I can log into websites.

Any recommended way around this that doesn't involve a phone+plan?

Can you use an app like freecall or textnow on your laptop to get a temp phone # to receive the text verification?

Two step is something you have and something you know. It's a very good thing for your security. At some point, your user and password will become public, two factor protects you.

Most sites should support both a phone number and an email as the something you have.

A third option is an authentication token, like Yubikey. You plug it into a USB port and push a button. Support for this is mixed, but big players like Google will.

A VOIP service that accepts text is another option. Personally, I'd prefer something less easily compromised, and would be very selective with the vendor.

The two step sites I have used have email as an option.

Not an issue! Been using theses services for the past 4 years with little issue:

*https://www.textnow.com/signup
*https://voice.google.com/signup
*https://www.freedompop.com/phone

The main issue is that tons of fraudsters use these services to help make lots of zombie accounts for sites that require two factor and they can be pretty easily used to impersonate people and do all sort of nefarious things, so a lot of high end sites: banking, government, insurance will DEMAND a phone number that is tied to your name, think Verizon, AT&T cell contracts. In that case the easiest work around is to buy a burner phone from the grocery store for $30 and just pay as you go.

If you are using Windows you could try something like https://winauth.com/download/

Note: I haven't used it, I just found it via Google.

The downside is your second factor is on your PC, I prefer to keep it separate which is why I use a Yubikey.

I use my email for that all the time. Just copy the code they send and paste it where I need it.

I've been using google voice for years. You can use it (both texts and calls) on the internet with your computer. Every once in a while, a place will not want to use an internet based number, but that happens very rarely.

For the most part I use email. There are a couple things, like my 401k account that I might have to occasionally access from work that I use my cell phone for (can't access personal email from the office LAN).

Disposable email address. I'm not handing out my phone number just to have it go into a database and be misused!

OTCW wrote: ↑

Fri Jun 09, 2017 9:35 am

The two step sites I have used have email as an option.

Isn't this still a weakness, if your PC is compromised then the assailant has access to your email. The point of 2FA is there is another device the hacker doesn't have access to.

still better than just password - assailant could have been looking over ducknalddon's shoulder and seen the username/password. access to PC/email is one more step.

Nowadays, two-factor (not two-step) is often a joke, as people access websites by smartphone, and get the access token texted to the same phone.

That said, two-factor delivers better security for some scenarios, like people stealing your email password.

(It is a little derail of the topic, but I mean about situation when we do not have cellphone and we encounter some problems with 2FA and modern world altogether)

Guise!

How will you resolve issues when somebody will withdraw money from your bank account/brokerage?
(in my country big transactions need to be confirmed by SMS token; I heard that services for retailer customers are not so sophisticated in USA )
I mean that algorithms which gives you money back from the bank tend to be pain in the neck (if they consist of less personal data about you)

Anyway, how have you survived interviews? Do you have skype number?

Though not perfect, Two-step verification is better than no verification at all or challenge questions like "What is your mother's maiden name?"

One of these or the equivalent app on a computer will handle the 2FA.
https://www.yubico.com/product/fido-u2f-security-key/
Phone numbers are not "2FA" since phone numbers are not a thing you own. Adding a phone number to an online account reduces the security. So given the option use an Authenticator / U2F key.