I’ve been using two factor authentication for a number of years. I like when services offer a choice of two factor options. Or the common Google Authenticator app. Less of a fan of SMS required two factor. If I lose my phone or number, I can’t two factor authenticate to a few services. The most recent being Venmo. Ironically, Venmo wouldn’t let me change.
One of my friends has used Google Voice for phone for years. I decided to switch to a Google Voice number. This gives me a few advantages:
- phone rings on multiple devices
- texts get turned into email which means I can view them on multiple devices (nice for two factor)
- I’m decoupled from my cell phone number for two factor
Today I’m switching over a bunch of services to use a different phone number for two factor. This table shows the services I can think of where I use two factor.
Interestingly, having possession of the original phone number was not necessary for any of the services. So I could have done this even if I had lost my phone. I had enough other options set up for two factor. Also ironically, I couldn’t switch Venmo which motivated all this. I can close the account though so if this ever becomes a problem…
| Service | Two Factor Options | How Switching Went |
|---|---|---|
| Authenticator, SMS, phone, codes, key, Google prompt | Google knew my number in my profile, but I still had to verify to set in profile. And again when wetting as my two factor option. Emailed that changed number. | |
| Amazon | Authenticator, phone, SMS | Under my account added a mobile number. Confirmed with SMS text verification. |
| Authenticator, SMS, security key, backup code | Went to mobile and clicked edit to change number. I didn’t enable SMS, but now it has the right number in case I need it as a one off. Confirmed with SMS text verification. | |
| Authenticator, SMS, codes, key | Went to security and use two factor. Added Google voice and backup. Emailed that added number.
(Only allowed SMS last I looked. Good improvement). |
|
| Venmo | Just SMS | Won’t accept my Google voice number and gave an error that it needs a mobile number. |
| GitHub (original blog post) | Choice of authenticator, SMS, security keys, recovery tokens (other site), and recovery codes (strings) | Clear existing number. Set new Google voice number. Enter code texted to new number. GitHub also emailed me that I added and removed a SMS number. |
| PayPal | SMS, phone | Confirming my landline number, it had me type a code when they called instead of supplying a code read to me. This seems more secure. Good! The new number was added as unconfirmed. I clicked confirm to get a text to confirm it. |
| SMS | I couldn’t find the two factor page without a direct link. I scrolled up and added a phone number. After confirming the verification code, it automatically made the new phone number primary. I couldn’t delete the original since it is used for two factor. So I went to the two factor section and changed the number. it sent me a code again. Then I finally went back and deleted the original number. And for every one of those operations, I had to enter my linked in password. This felt excessive. | |
| DropBox | Authenticator, SMS, codes, physical device | Went to settings and changed my number. I had to enter my authenticator code but not verify possession of the phone number. Emailed that changed two factor settings. |
| Yahoo | Email, phone, text | Went to account to try to change number. Got an error that it can’t accept a VOIP number. I was able to change it my land line. I use Yahoo almost never so it doesn’t matter whether this is convenient. Emailed that removed and added number. |
| Slack | Authenticator | Added my phone number. No verification required. |
| Apple | Various | Added a trusted phone number and confirmed code. Verified with my computer as well as the code. Removed original number. Emailed that number changed |