With massive security hacks now coming on what feels like a weekly basis, two-factor authentication has become a modern necessity. But, leave the country and getting that access code can become a lot more difficult than just waiting for a text. Here's what you need to know and do before your next trip.
What's Two-Factor Authentication And Why Does It Work Differently When You Travel? The basic idea is that your password can be hacked pretty easily, but it'd be much more difficult to also access a device you carry with you — typically your phone. So, Two-Factor requires both your typical password and a time-sensitive code texted to or generated by your phone.
The problems there are obvious. Lose your phone and you're screwed. Or, in a much more typical case for travelers: move out of cell phone reception, let your battery die or leave the country and you may not be able to receive the code.
This was driven home to me last week. While visiting Colombia, my brand new Macbook Air went all black screen of death on me and I needed to borrow my girlfriend's computer to write, edit and publish articles. That ended up being much more difficult than it should have been. Gmail's verification texts apparently don't send to your phone when you leave the country. Neither do Twitter's. Even with the same US number, good reception and armed with an international roaming plan. So, work became a frustrating two-screen task split between her computer and my phone, requiring me to Facebook Message links between devices and generally doubling the time it took me to do anything. If I haven't responded to your emails in like two weeks, this is why. I'll catch up today, promise.
Had I been a little more prepared, I could have avoided the hassle. Here's all the preparation you need.
General Good Practices: A day or two before you travel, take the time to log out of and back into all of your accounts on any devices you plan on taking with you. Many services, such as Gmail, can be set to verify a device only once every 30 days, so you'll be resetting that counter by doing this. Some, of course, require a new login every time your IP address changes, so even just by changing which WiFi network you're using at home can log you out. But, many aren't quite so annoying and doing the login reset can save you the hassle.
If you'll be traveling with a family member, significant other or a colleague or friend who isn't a shithead, you can also set their phone number as a backup. I suppose you could also do this with someone at home, but they may be unavailable when you get locked out or you may be unable to reach them because you're locked out.
Gmail and other services will generate permanent login codes for you so you can print them out or write them down and keep them somewhere safe. Probably a good idea to keep them somewhere other than your laptop bag, wallet or cell phone case, just in case you lose any or all of the above. Put them all on a little piece of paper and stick that in your shoe or somewhere else that'll stay with you wherever you go and isn't likely to be lost or stolen.
Yeah, you should keep your phone on you, keep it charged and an external battery pack is a great idea. But, the unexpected often happens when you travel. Factor in flight delays, jet lag, lost luggage, insanely short flight connection times and the general frequency of the unexpected happening and it's just a very good idea to prepare for a little more than everything going according to plan.
Google Authenticator: This app is available on either iOS or Android and you can link it to a variety of accounts. It works even if your phone has no cell or data connection (ie in Airplane Mode). Set it up before you travel and, so long as you have your phone with you and your phone has power, it eliminates most of the hassles described here. If I'd had it on my phone last week, I could have used it to access Gmail. But obviously it's not going to help should you lose that phone.
Gmail and other Google Services: Google won't text you if you're abroad. You know, because they're a tiny little company that can't afford a 50 cent text message. So, try to access your Gmail account on a device other than your own and you're going to need a code. They'll let you print out a master code (and even prompt you to do so occasionally!). Do that, it's a good idea. So long as you don't store it with your password, you shouldn't be compromising your account's security by doing so.
Facebook: Facebook uses its own authenticator packaged into its mobile app. It's reliable and automatic; the app kicks a code to your phone's alert center the second you try to login to your account using another device and need one. But, this code refreshes every 30 seconds, so trying to get it off your phone and into a computer in a stressful or busy environment like on a bumpy, dark bus can prove a hassle. But, lose both your recognized computer and recognized phone and you could be out of luck altogether.
Twitter: I can barely retain access to my Twitter account at home. I'm laying on my couch as we speak and have access to the service on this computer, but not my phone. It's usually one or the other and requires me to reset my password at least once a week. Twitter will also refuse to text you abroad. Their two-factor system is a little different from most others; so long as you have your phone and, unlike me, you can actually access Twitter from that phone, then the app will just prompt you with a simple 'yes' or 'no' when you try and login from an unknown computer. They'll also let you print out a physical key should you lose that phone or if, like me, you can't access Twitter using your phone.
Kinja And The Gawker Sites: Back when Kinja first rolled out, the mothership asked all its contributors to connect it to our Facebook accounts. So I log in using Facebook. I suppose this could be a real issue should I lose both my phone and computer. The solution would be to connect it to your Google account as well. In fact, I just did that. So Kinja's easy, but accessing some of the main Gawker sites can still be problematic. I'm told that it's for reasons of affiliate links, but you can't access the Gizmodo front page from South America, for instance, it only allows you to load gizmodo.es, even if you use an incognito window. The solution is to read the sites via Twitter. No, you don't need to deal with that services problematic logins, just visit twitter.com/gizmodo for a real-time feed of stories; you can access each without problems just by following the permalinks. The sub-sites like IndefinitelyWild allow you access regardless of location.
Your Bank: Way easier! You can do the standard text-you-a-code two-factor or, should it all go wrong and you lose your wallet, phone and computer, you can just look up the free international phone number for you bank and call them. Believe it or not, but you can actually complete any banking function over the phone with a friendly, English-speaking person on the other end. Obviously tell your bank about your travel before you go. Chase actually refused to put a travel notification on my account for Colombia because of the War On Drugs or something, but my card worked there the entire time. Different story when I bought three rounds of drinks on the flight home and American Airlines processed them all at once after landing. They turned my card off and I couldn't pay for the cab ride home using it, but a simple verification text arrived a few minutes later and all I had to do was respond with a '1' to restore access. Banks are used to people traveling, even if they disapprove of heavy in-flight drinking.
Other Tips For Electronic Travel: The best tip I can give anyone is to create a clear, reasonably high-resolution scan of your passport's ID page and email it to yourself with the subject line "Passport." Should you lose your passport while traveling, that'll give you a copy you can pull up on your phone or any computer. Provided you can navigate two-factor, of course. This will get you through passport control, even if they give you some sass about it.
Buy the correct plug-adaptor before traveling; they're easy to order from Amazon but impossible to find once you're in-country. Hotels sometimes have them, but I wouldn't want to rely on that.
You know this, but put a password login on your phone. There's sooooooo much personal data on them these days and thieves and other baddies are aware of that and target them as a result. Your computer should have one too, for the same reason.
Pick up a personal WiFi hotspot like Karma. Most won't work in foreign countries, but their domestic data rates are far less than airports or hotels typically charge and they just generally give you more freedom of movement. You can use one to work during the hour-long cab ride to JFK or LAX for instance. Or just go sit on a park bench with no one the wiser that you aren't in the office.
Data roaming in foreign countries is expensive! You can buy data packages for specific countries from your cell provider before you travel. If you don't, make sure you disable mobile data on your device when you arrive or prepare to be slapped with incredibly high charges even for tiny amounts of usage. Then, just use WiFi networks to download emails or look up directions. You can pre-load Google Maps areas and directions when you're on Wifi, then use them to navigate the walk from your hotel to dinner; GPS location doesn't require data usage. If you're going exploring, follow our instructions to turn your phone into a powerful GPS navigator and pre-load the maps before you leave.
Be aware of your personal security just like you would at home. But, don't be a 'fraidy cat, most places aren't any more dangerous than America, actually have much better health care and you're much less likely to get murdered by police in any literally any other country. It's vastly more likely that you'll cut yourself shaving in the hotel than run into any actual trouble when you leave it. If you want to learn more about keeping yourself safe abroad, then pick up a copy of Robert Young Pelton's book Come Back Alive; that's the most useful survival book you'll ever read, is particularly applicable to foreign travel and full of practical advice anyone can use.
IndefinitelyWild is a new publication about adventure travel in the outdoors, the vehicles and gear that get us there and the people we meet along the way. Follow us on Facebook, Twitter, and Instagram.