2FA Contingency During Phone Service Outage

Question

Several sites use text message as 2nd Factor Authentication. Given the ongoing service outages (https://techcrunch.com/2020/06/15/t-mobile-calling-outage/) what other alternatives do we have when phone service is down? I was unable to access my bank account today because I never received the 2FA code via text. Although I had no critical tasks this seems ripe for havoc.

bradknowles · Accepted Answer

Ideally, use a hardware token instead. They implement many different algorithms, so you should be able to find one that does what you need with your bank. See https://www.zdnet.com/article/best-security-keys/ for one good list.Alternatively, there are TOTP apps you can get for your mobile device. See https://www.nytimes.com/wirecutter/reviews/best-two-factor-a...

phillipseamore · Answer

No one should rely on SMS for 2FA! Phone numbers are bad authentication tokens (they can change hands, be diverted etc).Proper 2FA should either be TOTP codes and apps for those or hardware tokens. Any of these should also have backup codes.