• Menu

Two-Factor Authentication is The Bane of my (Semi-Nomadic) Life

Bedroom door, Ottawa, September 2021

I was chatting over coffee with my brother in his Parisian apartment when I had one of these “shit, the bread!” moments most French are familiar with—basically, you’ve just realized it’s almost 7 p.m. (or 8 p.m. in Paris), bakeries are going to close, and you have yet to buy your daily baguette for dinner.

“Be right back!”

I jumped to my feet, grabbed my coin purse and mask, and rushed to the bakery down the street where I joined the queue of last-minute bread hunters.

Five minutes later, I strolled back to the apartment building, one of the last baguettes in my left hand.

This is when I found myself facing a closed door and another very Parisian challenge.

“Merde, le code!

Most apartment buildings in Paris no longer have doormen because, well, salaries cost money. At some point in the 1970s, gossipy but useful caretakers were replaced by a “digicode,” an electronic lock. Not so unusual these days, but in Paris, “digicodes” are not your typical intercom where you dial a resident and wait to be buzzed in. Most of the time, there’s just a ten-digit keypad—sometimes with the first four or five letters of the alphabet thrown in just because—by the front door. Basically, you need the access code because there’s no “hey, can you let me in?” buzzer option.

I had the code. My brother texted it to me. The thing is, I didn’t take my phone, just my coin purse. No phone, no code. No phone, no way to call him to let him know I’m stuck downstairs. No phone, no luck.

I lit up a cigarette and started pacing the street, my eyes on the front door, ready to tag along with anyone willing to let me in. Just my luck, Mark got over separation anxiety about five years ago—he worships my brother and it could take a while before either of these two realize it’s weird I’m not back yet.    

I inspected the keypad, looking for faded numbers. Meh, only works in fiction—I was staring at Paris’ cleanest keypad ever.

I leaned against the wall and closed my eyes, trying to remember a code I had only punched in a couple of times and never bothered to memorize. A1846? No. A1445? Nope… A1945? YES! Love the human brain, it’s pretty amazing.

Phew.

Because, not again.

The thing is, getting locked out is kind of my specialty, although most of the time it happens online.

You’ve probably noticed that many websites now require two-factor authentication, basically prompting you to verify your identity with a unique identification code sent by email to text message when you attempt to log in. This best practice for additional security can be an optional feature deactivated by default or a mandatory step, especially when using online banking.

If I can receive the code by email, it’s all good—if I’m online, I can presumably log into my one and only email account and grab the code. Text message? Now, that’s a different story.

This is the message I dread:

Quick security check We just need some additional info to confirm it’s you. Receive a text Mobile (6••) •••-8137

I have two different bank accounts—business and personal—in two different Canadian financial institutions. Both have my Canadian cellphone number on file, and it’s the number that will be used to verify my identity. No problem if I’m in Canada, but what if I’m not?

No matter where I go, I never take my Canadian SIM card out of the country—roaming charges apply outside coverage area, sometimes even within Canada. And international data roaming is either unaffordable or simply not available. For instance, Videotron—my provider—offers a “daily traveller pass” for $13/day plus fees, so $0.60/min for calls, $0.30/text message, etc. So for a standard two-week holiday, basically $195 plus fees for talk, text and data use, ah ah.

Even the Government of Canada warns travellers against using data plans outside Canada: “you may receive an unexpectedly large bill for your data usage, known as ‘bill shock,’ from your wireless provider after you return home. This is the result of the exceptionally high international data roaming fees charged by Canadian wireless providers to keep you connected to a wireless network while you are outside the country.”

I take my phone when I travel, but I leave my Canadian SIM card at home and I buy a local SIM card if needed. This is what I did this year in France. I just grabbed a no-fee Lycamobile SIM card and bought a €14.99 30-day plan (unlimited calls and texts, 20 GB of data) I renewed for as long as I needed.

But then, I was unable to log into one of my Canadian bank accounts and into my Canada Revenue Agency account for five months because both required two-factor authentication by text message. And you can’t just update your phone number without logging into your account first.

Canada Revenue Agency message
Canada Revenue Agency message
Canada Revenue Agency message
Canada Revenue Agency message

I have yet to find a solution to deal with the issue when I’m not in Canada. I can’t be the only one cursing two-factor authentication with text message security codes! Phones can be lost, stolen, run out of battery… not to mention that when the government doesn’t claim we should avoid non-essential travel outside Canada until further notice, Canadians do travel abroad, probably without their phones like me.

If you’re facing the same issue, do share!

Leave a reply

Your email address will not be published. Required fields are marked *

7 comments