With massive security hacks now coming on what feels like a weekly basis, two-factor authentication has become a modern necessity. But, if you leave the country, getting that access code can become a lot more difficult than just waiting for a text. Here's what you need to know and do before your next trip.
What's Two-Factor Authentication and Why Does it Work Differently When You Travel? The basic idea is that your password can be hacked pretty easily, but it'd be much more difficult to also access a device you carry with you — typically your phone. So, Two-Factor requires both your typical password and a time-sensitive code texted to or generated by your phone.
The problems there are obvious. Lose your phone and you're screwed. Or, in a much more typical case for travellers: move out of mobile phone reception, let your battery die or leave the country and you may not be able to receive the code.
This was driven home to me last week. While visiting Colombia, my brand new Macbook Air went all black-screen-of-death on me and I needed to borrow my girlfriend's computer to write, edit and publish articles. That ended up being much more difficult than it should have been.
Gmail's verification texts apparently don't send to your phone when you leave the country. Neither do Twitter's; that's despite me using the same phone number, good reception and armed with an international roaming plan. So, work became a frustrating two-screen task split between computer and phone, requiring me to Facebook-message links between devices and generally doubling the time it took me to do anything.
Had I been a little more prepared, I could have avoided the hassle. Here's all the preparation you need.
General Good Practice: A day or two before you travel take the time to log out of, and back into, all of your accounts on any devices you plan on taking with you. Many services, such as Gmail, can be set to verify a device only once every 30 days, so you'll be resetting that counter by doing this. Some, of course, require a new login every time your IP address changes, so even just by changing which W-iFi network you're using at home can log you out. But, many aren't quite so annoying and doing the login reset can save you the hassle.
If you'll be travelling with a family member, significant other or a colleague or friend who isn't a shithead, you can also set their phone number as a backup. I suppose you could also do this with someone at home, but they may be unavailable when you get locked out or you may be unable to reach them because you're locked out.
Gmail and other services will generate permanent login codes for you so you can print them out or write them down and keep them somewhere safe. Probably a good idea to keep them somewhere other than your laptop bag, wallet or mobile phone case, just in case you lose any or all of the above. Put them all on a little piece of paper and stick that in your shoe or somewhere else that'll stay with you wherever you go and isn't likely to be lost or stolen.
You should keep your phone on you, and obviously make sure to keep it charged; an external battery pack is a great idea. But, the unexpected often happens when you travel. Factor in flight delays, jet lag, lost luggage, insanely short flight connection times and the general frequency of the unexpected happening and it's just a very good idea to prepare for a little more than everything going according to plan.
Google Authenticator: This app is available on either iOS or Android and you can link it to a variety of accounts. It works even if your phone has no mobile or data connection (in Airplane Mode). Set it up before you travel and, so long as you have your phone with you and your phone has power, it eliminates most of the hassles described here. If I'd had it on my phone last week, I could have used it to access Gmail. But obviously it's not going to help should you lose that phone.
Gmail and other Google Services: Google won't text you if you're abroad. You know, because they're a tiny little company that can't afford a 20-pence text message. So, try to access your Gmail account on a device other than your own and you're going to need a code. They'll let you print out a master code (and even prompt you to do so occasionally!). Do that, it's a good idea. So long as you don't store it with your password, you shouldn't be compromising your account's security by doing so.
Facebook: Facebook uses its own authenticator packaged into its mobile app. It's reliable and automatic: the app kicks a code to your phone's alert centre the second you try to login to your account using another device and need one. But, this code refreshes every 30 seconds, so trying to get it off your phone and into a computer in a stressful or busy environment like on a bumpy, dark bus can prove a hassle. But, lose both your recognised computer and recognised phone and you could be out of luck altogether.
Twitter: I can barely retain access to my Twitter account at home. I'm laying on my sofa as we speak and have access to the service on this computer, but not my phone. It's usually one or the other and requires me to reset my password at least once a week. Twitter will also refuse to text you abroad. Its two-factor system is a little different from most others: so long as you have your phone and, unlike me, you can actually access Twitter from that phone, then the app will just prompt you with a simple 'yes' or 'no' when you try and login from an unknown computer. They'll also let you print out a physical key should you lose that phone or if, like me, you can't access Twitter using your phone.
Your Bank: Much easier! You can do the standard text-you-a-code two-factor or, should it all go wrong and you lose your wallet, phone and computer, you can just look up the free international phone number for you bank and call them. Believe it or not, but you can actually complete any banking function over the phone with a friendly, English-speaking person on the other end (some banks do require you to have setup telephone banking beforehand, so do check that before you travel).
I was actually refused putting a travel notification on my account for Colombia because of the War On Drugs or something, but my card worked there the entire time. Different story when I bought three rounds of drinks on the flight home and the airline processed them all at once after landing. They turned my card off and I couldn't pay for the taxi ride home using it, but a simple verification text arrived a few minutes later and all I had to do was respond with a '1' to restore access. Banks are used to people travelling, even if they disapprove of heavy in-flight drinking.
Other Tips For Electronic Travel: The best tip I can give anyone is to create a clear, reasonably high-resolution scan of your passport's ID page and email it to yourself with the subject line "Passport". Should you lose your passport while travelling, that'll give you a copy you can pull up on your phone or any computer. Provided you can navigate two-factor, of course. This will get you through passport control, even if they give you some sass about it.
Buy the correct plug-adaptor before travelling; they're easy to order from Amazon but impossible to find or stupidly expensive once you're in-country. Hotels sometimes have them, but I wouldn't want to rely on that.
You know this, but put a password login on your phone. There's so much personal data on them these days and thieves and other baddies are aware of that and target them as a result. Your computer should have one too, for the same reason.
Data roaming in foreign countries is expensive. You can buy data packages for specific countries from your network provider before you travel. If you don't, make sure you disable mobile data on your device when you arrive or prepare to be slapped with incredibly high charges even for tiny amounts of usage. Then, just use Wi-Fi networks to download emails or look up directions. You can pre-load Google Maps areas and directions when you're on Wi-Fi, then use them to navigate the walk from your hotel to dinner; GPS location doesn't require data usage. If you're going exploring, follow our instructions to turn your phone into a powerful GPS navigator and pre-load the maps before you leave.