I’ve been using two factor authentication for a number of years. I like when services offer a choice of two factor options. Or the common Google Authenticator app. Less of a fan of SMS required two factor. If I lose my phone or number, I can’t two factor authenticate to a few services. The most recent being Venmo. Ironically, Venmo wouldn’t let me change.
One of my friends has used Google Voice for phone for years. I decided to switch to a Google Voice number. This gives me a few advantages:
- phone rings on multiple devices
- texts get turned into email which means I can view them on multiple devices (nice for two factor)
- I’m decoupled from my cell phone number for two factor
Today I’m switching over a bunch of services to use a different phone number for two factor. This table shows the services I can think of where I use two factor.
Interestingly, having possession of the original phone number was not necessary for any of the services. So I could have done this even if I had lost my phone. I had enough other options set up for two factor. Also ironically, I couldn’t switch Venmo which motivated all this. I can close the account though so if this ever becomes a problem…
|Service||Two Factor Options||How Switching Went|
|Authenticator, SMS, phone, codes, key, Google prompt||Google knew my number in my profile, but I still had to verify to set in profile. And again when wetting as my two factor option. Emailed that changed number.|
|Amazon||Authenticator, phone, SMS||Under my account added a mobile number. Confirmed with SMS text verification.|
|Authenticator, SMS, security key, backup code||Went to mobile and clicked edit to change number. I didn’t enable SMS, but now it has the right number in case I need it as a one off. Confirmed with SMS text verification.|
|Authenticator, SMS, codes, key||Went to security and use two factor. Added Google voice and backup. Emailed that added number.
(Only allowed SMS last I looked. Good improvement).
|Venmo||Just SMS||Won’t accept my Google voice number and gave an error that it needs a mobile number.|
|GitHub (original blog post)||Choice of authenticator, SMS, security keys, recovery tokens (other site), and recovery codes (strings)||Clear existing number. Set new Google voice number. Enter code texted to new number. GitHub also emailed me that I added and removed a SMS number.|
|PayPal||SMS, phone||Confirming my landline number, it had me type a code when they called instead of supplying a code read to me. This seems more secure. Good! The new number was added as unconfirmed. I clicked confirm to get a text to confirm it.|
|SMS||I couldn’t find the two factor page without a direct link. I scrolled up and added a phone number. After confirming the verification code, it automatically made the new phone number primary. I couldn’t delete the original since it is used for two factor. So I went to the two factor section and changed the number. it sent me a code again. Then I finally went back and deleted the original number. And for every one of those operations, I had to enter my linked in password. This felt excessive.|
|DropBox||Authenticator, SMS, codes, physical device||Went to settings and changed my number. I had to enter my authenticator code but not verify possession of the phone number. Emailed that changed two factor settings.|
|Yahoo||Email, phone, text||Went to account to try to change number. Got an error that it can’t accept a VOIP number. I was able to change it my land line. I use Yahoo almost never so it doesn’t matter whether this is convenient. Emailed that removed and added number.|
|Slack||Authenticator||Added my phone number. No verification required.|
|Apple||Various||Added a trusted phone number and confirmed code. Verified with my computer as well as the code. Removed original number. Emailed that number changed|