
Ask HN: 2FA Contingency During Phone Service Outage - Zaheer
Several sites use text message as 2nd Factor Authentication. Given the ongoing service outages (https:&#x2F;&#x2F;techcrunch.com&#x2F;2020&#x2F;06&#x2F;15&#x2F;t-mobile-calling-outage&#x2F;) what other alternatives do we have when phone service is down? I was unable to access my bank account today because I never received the 2FA code via text. Although I had no critical tasks this seems ripe for havoc.
======
bradknowles
Ideally, use a hardware token instead. They implement many different
algorithms, so you should be able to find one that does what you need with
your bank. See [https://www.zdnet.com/article/best-security-
keys/](https://www.zdnet.com/article/best-security-keys/) for one good list.

Alternatively, there are TOTP apps you can get for your mobile device. See
[https://www.nytimes.com/wirecutter/reviews/best-two-
factor-a...](https://www.nytimes.com/wirecutter/reviews/best-two-factor-
authentication-app/)

~~~
gamell
this, also in general SMS authentication is known to be insecure anyways.

------
phillipseamore
No one should rely on SMS for 2FA! Phone numbers are bad authentication tokens
(they can change hands, be diverted etc).

Proper 2FA should either be TOTP codes and apps for those or hardware tokens.
Any of these should also have backup codes.

