With massive security hacks now coming on what feels like a weekly basis, two-factor authentication has become a modern necessity. But, leave the country and getting that access code can become a lot more difficult than just waiting for a text. Here's what you need to know and do before your next trip.
What's Two-Factor Authentication And Why Does It Work Differently When You Travel? The basic idea is that your password can be hacked pretty easily, but it'd be much more difficult to also access a device you carry with you — typically your phone. So, Two-Factor requires both your typical password and a time-sensitive code texted to or generated by your phone.
The problems there are obvious. Lose your phone and you're screwed. Or, in a much more typical case for travellers: move out of cell phone reception, let your battery die or leave the country and you may not be able to receive the code.
This was driven home to me last week. While visiting Colombia, my brand new Macbook Air went all black screen of death on me and I needed to borrow my girlfriend's computer to write, edit and publish articles. That ended up being much more difficult than it should have been. Gmail's verification texts apparently don't send to your phone when you leave the country. Neither do Twitter's. Even with the same US number, good reception and armed with an international roaming plan. So, work became a frustrating two-screen task split between her computer and my phone, requiring me to Facebook Message links between devices and generally doubling the time it took me to do anything. If I haven't responded to your emails in like two weeks, this is why. I'll catch up today, promise.
Had I been a little more prepared, I could have avoided the hassle. Here's all the preparation you need.
General Good Practices: A day or two before you travel, take the time to log out of and back into all of your accounts on any devices you plan on taking with you. Many services, such as Gmail, can be set to verify a device only once every 30 days, so you'll be resetting that counter by doing this. Some, of course, require a new login every time your IP address changes, so even just by changing which WiFi network you're using at home can log you out. But, many aren't quite so annoying and doing the login reset can save you the hassle.
If you'll be travelling with a family member, significant other or a colleague or friend who isn't a shithead, you can also set their phone number as a backup. I suppose you could also do this with someone at home, but they may be unavailable when you get locked out or you may be unable to reach them because you're locked out.
Gmail and other services will generate permanent login codes for you so you can print them out or write them down and keep them somewhere safe. Probably a good idea to keep them somewhere other than your laptop bag, wallet or cell phone case, just in case you lose any or all of the above. Put them all on a little piece of paper and stick that in your shoe or somewhere else that will stay with you wherever you go and isn't likely to be lost or stolen.
Yeah, you should keep your phone on you, keep it charged and an external battery pack is a great idea. But, the unexpected often happens when you travel. Factor in flight delays, jet lag, lost luggage, insanely short flight connection times and the general frequency of the unexpected happening and it's just a very good idea to prepare for a little more than everything going according to plan.
Google Authenticator: This app is available on either iOS or Android and you can link it to a variety of accounts. It works even if your phone has no cell or data connection (ie in Aeroplane Mode). Set it up before you travel and, so long as you have your phone with you and your phone has power, it eliminates most of the hassles described here. If I'd had it on my phone last week, I could have used it to access Gmail. But obviously it's not going to help should you lose that phone.
Gmail and other Google Services: Google won't text you if you're abroad. You know, because they're a tiny little company that can't afford a 50 cent text message. So, try to access your Gmail account on a device other than your own and you're going to need a code. They will let you print out a master code (and even prompt you to do so occasionally!). Do that, it's a good idea. So long as you don't store it with your password, you shouldn't be compromising your account's security by doing so.
Facebook: Facebook uses its own authenticator packaged into its mobile app. It's reliable and automatic; the app kicks a code to your phone's alert centre the second you try to login to your account using another device and need one. But, this code refreshes every 30 seconds, so trying to get it off your phone and into a computer in a stressful or busy environment like on a bumpy, dark bus can prove a hassle. But, lose both your recognised computer and recognised phone and you could be out of luck altogether.
Twitter: I can barely retain access to my Twitter account at home. I'm laying on my couch as we speak and have access to the service on this computer, but not my phone. It's usually one or the other and requires me to reset my password at least once a week. Twitter will also refuse to text you abroad. Their two-factor system is a little different from most others; so long as you have your phone and, unlike me, you can actually access Twitter from that phone, then the app will just prompt you with a simple 'yes' or 'no' when you try and login from an unknown computer. They will also let you print out a physical key should you lose that phone or if, like me, you can't access Twitter using your phone.
Other Tips For Electronic Travel: The best tip I can give anyone is to create a clear, reasonably high-resolution scan of your passport's ID page and email it to yourself with the subject line "Passport." Should you lose your passport while travelling, that will give you a copy you can pull up on your phone or any computer. Provided you can navigate two-factor, of course. This will get you through passport control, even if they give you some sass about it.
Buy the correct plug-adaptor before travelling; they're easy to order from Amazon but impossible to find once you're in-country. Hotels sometimes have them, but I wouldn't want to rely on that.
You know this, but put a password login on your phone. There's sooooooo much personal data on them these days and thieves and other baddies are aware of that and target them as a result. Your computer should have one too, for the same reason.
Pick up a personal WiFi hotspot like Karma. Most won't work in foreign countries, but their domestic data rates are far less than airports or hotels typically charge and they just generally give you more freedom of movement. You can use one to work during the hour-long cab ride to JFK or LAX for instance. Or just go sit on a park bench with no one the wiser that you aren't in the office.
Data roaming in foreign countries is expensive! You can buy data packages for specific countries from your cell provider before you travel. If you don't, make sure you disable mobile data on your device when you arrive or prepare to be slapped with incredibly high charges even for tiny amounts of usage. Then, just use WiFi networks to download emails or look up directions. You can pre-load Google Maps areas and directions when you're on Wifi, then use them to navigate the walk from your hotel to dinner; GPS location doesn't require data usage.
Be aware of your personal security just like you would at home. If you want to learn more about keeping yourself safe abroad, then pick up a copy of Robert Young Pelton's book Come Back Alive; that's the most useful survival book you'll ever read, is particularly applicable to foreign travel and full of practical advice anyone can use.