<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 4/19/21 05:05, Eric Kuhnke wrote:<br>
<br>
</div>
<blockquote type="cite"
cite="mid:CAB69EHhG2_3MHpy=frsxbk-3rw71Rrqvz8S9TyXrTfDy0-2dsw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>One of my main problems with SMS 2FA from a usability
standpoint, aside from SS7 hijacks and security problems, is
that it cannot be relied upon when traveling in many
international locations. I have been <i>so many places</i>
where there is just about zero chance of my T-Mobile SIM
successfully roaming onto the local network and receiving SMS
at my US or Canadian number successfully. <br>
</div>
<div><br>
</div>
<div>What am I supposed to do, take the SIM out of my phone, put
it in a burner and give it to a trusted family member in North
America, just for the purpose of receiving SMS 2FA codes
(which I then have to call them and get the code from manually
each time), before going somewhere weird?</div>
<div><br>
</div>
<div>In the pre covid19 era when people were actually traveling
places, imagine you've had reason to go somewhere weird and
need access to a thing (such as your online banking, perhaps?)
protected by SMS 2FA, but you have absolutely no way of
receiving the SMS where you're presently located...</div>
<div><br>
</div>
<div>Many of the people designing SMS 2FA systems used by people
with accounts/services in the US 50 states and Canada seem to
assume that their domestic customers will forever remain in a
domestic location.</div>
</div>
</blockquote>
<br>
This is a practical problem that I suffer with one of my South
African providers, every time I traveled to the U.S. in the last 3
years. I could roam on all GSM networks in the U.S., and even make
voice calls, but SMS's would not get delivered. Delivery of those
only resumed the moment I transited in the Gulf on my way back home.
This did not affect other countries I traveled to.<br>
<br>
But you are right, most network operators and SMS authentication
designers do not necessarily work together to account for folk that
travel.<br>
<br>
Mark.<br>
</body>
</html>