I was chatting over coffee with my brother in his Parisian apartment when I had one of these “shit, the bread!” moments most French are familiar with—basically, you’ve just realized it’s almost 7 p.m. (or 8 p.m. in Paris), bakeries are going to close, and you have yet to buy your daily baguette for dinner.
“Be right back!”
I jumped to my feet, grabbed my coin purse and mask, and rushed to the bakery down the street where I joined the queue of last-minute bread hunters.
Five minutes later, I strolled back to the apartment building, one of the last baguettes in my left hand.
This is when I found myself facing a closed door and another very Parisian challenge.
“Merde, le code!”
Most apartment buildings in Paris no longer have doormen because, well, salaries cost money. At some point in the 1970s, gossipy but useful caretakers were replaced by a “digicode,” an electronic lock. Not so unusual these days, but in Paris, “digicodes” are not your typical intercom where you dial a resident and wait to be buzzed in. Most of the time, there’s just a ten-digit keypad—sometimes with the first four or five letters of the alphabet thrown in just because—by the front door. Basically, you need the access code because there’s no “hey, can you let me in?” buzzer option.
I had the code. My brother texted it to me. The thing is, I didn’t take my phone, just my coin purse. No phone, no code. No phone, no way to call him to let him know I’m stuck downstairs. No phone, no luck.
I lit up a cigarette and started pacing the street, my eyes on the front door, ready to tag along with anyone willing to let me in. Just my luck, Mark got over separation anxiety about five years ago—he worships my brother and it could take a while before either of these two realize it’s weird I’m not back yet.
I inspected the keypad, looking for faded numbers. Meh, only works in fiction—I was staring at Paris’ cleanest keypad ever.
I leaned against the wall and closed my eyes, trying to remember a code I had only punched in a couple of times and never bothered to memorize. A1846? No. A1445? Nope… A1945? YES! Love the human brain, it’s pretty amazing.
Phew.
Because, not again.
The thing is, getting locked out is kind of my specialty, although most of the time it happens online.
You’ve probably noticed that many websites now require two-factor authentication, basically prompting you to verify your identity with a unique identification code sent by email to text message when you attempt to log in. This best practice for additional security can be an optional feature deactivated by default or a mandatory step, especially when using online banking.
If I can receive the code by email, it’s all good—if I’m online, I can presumably log into my one and only email account and grab the code. Text message? Now, that’s a different story.
This is the message I dread:
Quick security check We just need some additional info to confirm it’s you. Receive a text Mobile (6••) •••-8137
I have two different bank accounts—business and personal—in two different Canadian financial institutions. Both have my Canadian cellphone number on file, and it’s the number that will be used to verify my identity. No problem if I’m in Canada, but what if I’m not?
No matter where I go, I never take my Canadian SIM card out of the country—roaming charges apply outside coverage area, sometimes even within Canada. And international data roaming is either unaffordable or simply not available. For instance, Videotron—my provider—offers a “daily traveller pass” for $13/day plus fees, so $0.60/min for calls, $0.30/text message, etc. So for a standard two-week holiday, basically $195 plus fees for talk, text and data use, ah ah.
Even the Government of Canada warns travellers against using data plans outside Canada: “you may receive an unexpectedly large bill for your data usage, known as ‘bill shock,’ from your wireless provider after you return home. This is the result of the exceptionally high international data roaming fees charged by Canadian wireless providers to keep you connected to a wireless network while you are outside the country.”
I take my phone when I travel, but I leave my Canadian SIM card at home and I buy a local SIM card if needed. This is what I did this year in France. I just grabbed a no-fee Lycamobile SIM card and bought a €14.99 30-day plan (unlimited calls and texts, 20 GB of data) I renewed for as long as I needed.
But then, I was unable to log into one of my Canadian bank accounts and into my Canada Revenue Agency account for five months because both required two-factor authentication by text message. And you can’t just update your phone number without logging into your account first.
I have yet to find a solution to deal with the issue when I’m not in Canada. I can’t be the only one cursing two-factor authentication with text message security codes! Phones can be lost, stolen, run out of battery… not to mention that when the government doesn’t claim we should avoid non-essential travel outside Canada until further notice, Canadians do travel abroad, probably without their phones like me.
If you’re facing the same issue, do share!
I hate this. I still have a credit card and bank account in the US. While rare, I still use them every once and awhile. Mainly for gifts (me buying for people in the US) or for us or the kids (and my mom pays the bill as the paper copy is delivered to her address). Luckily, to log-in, it’s usually not an issue (I just needed to do the two-factor thing to install the app on a new phone). But more and more sites are now using this for payments (per EU law ugh), and it’s the bane of my existence. I love sites that allow you to pay with Paypal as they don’t (yet) require this. Other than that, I’m just screwed and can’t use it to pay. My mom’s cell phone is on my US bank account, but she doesn’t know how to open texts so I need my brother to be there which isn’t convenient.
It’s somewhat of a relief I’m not the only one facing this issue but… yeah, it sucks! I just can’t believe the system wasn’t design to include people who at one point or another don’t have access to their one. Hi, Silicon Valley, can you hear that???
I’m always having issues with PayPal. I’m blocked if I don’t log in from my “usual” location, whatever that is… Canada, I suppose. That said, if I use the app, I can usually log in without having to confirm my identity by text message. It’s super weird.
YES!! I actually was on the phone with CRA a while ago and brought this up, and they said there is a way to change it, but then we got distracted talking about something else and we never went back to the two-factor subject. It’s on my list of things to sort out in the next month before we head back to the boat…will keep you posted.
P.S. Coffee after Thanksgiving?
I have to figure this out because now, the CRA requires a text message for every single log in. Like, log in, grab a cup of coffee, log in again, bam, another text message is required. CIBC has the option to use ProtonMail (it’s free). I’ll let you know if I find out a plan B for the CRA… but I’m going to have to call them and do I really want to call the CRA…
Happy to learn you’re going south again! Yes, coffee anytime 😉
A la RBC il me semble que j’ai le choix d’utiliser autre chose pour le deuxième niveau de sécurité, genre une question personnelle par exemple. Par contre je suis archi coincée depuis une semaine avec ma banque française. Tous les 90 jours on t’impose une connexion avec ta clé digitale, et ta clé est reliée à ton cellulaire. Moi j’ai changé de cellulaire mais la clé n’a pas suivie… donc je peux plus me connecter, je ne peux pas savoir qui est le conseiller que je dois contacter car c’est inscrit sur le compte auquel je ne peux pas accéder. Ma mère a pris le relais sur place mais l’agence locale et le service à la clientèle se renvoie la balle…
renvoient
Oh merde! Je suis avec le Crédit Agricole en France et ça marche assez bien, le second niveau de sécurité passe par l’appli. Par contre, j’ai complètement oublié de changer mon numéro de tel, j’avais inscrit mon 06 de mon séjour en France. Du coup, j’espère à ne rien avoir à faire par texto… on va voir.