Luddite needs to get two factor authentication, in Canada
June 2, 2024 6:18 AM

The Luddite is me. What can I say? I am a historian and I don't particularly like spending time in the present. But now I need two factor authentication to continue connecting to just about everything and the many workaround I have been using are no longer sufficient. Why is this even a problem? I don't have a cell phone, I don't have a budget for a cell phone and my eyesight isn't good enough to use one without extreme difficulty, and only in a good light, while squinting and muttering.

Right now to get around the problem of poor eyesight I am use a Windows PC to get onto the internet, connected to an extremely large monitor. A 32 inch screen is the smallest I am really comfortable with.

Nobody in my immediate circle has a cell phone either, so while I have, on a couple of occasions been able to get someone to use their cell phone to help me, this is not something that could be done without making prior arrangements long distance, using landlines so that someone halfway across the continent can tell me the security code that got texted to their phone. I can use 2FA to set up a new system once, if I have to, but not repeatedly.

I could, if necessary, cover the cost of buying myself a cheapie cell phone, but not the cost of recurring minutes. We thought we could get minutes that don't expire, and tried that, buying minutes twice after being assured they would never expire. Both times they expired, unused and when we needed them were gone. We were lied to by the clerks selling us the minutes. Thus, efforts so far to join the current cell phone era have not been successful.

I am hoping there is an app for PC that I can use to get 2FA, and that I won't need to have 2FA to get to the app in the first place. For example, MicroSoft seems to offer something of the kind for PC, except to get me to where I can see the details as to what it costs, I need to log into my MicroSoft account, which requires me to use two factor authentication... And since this is MicroSoft I am suspicious that it will not be suitable for me anyway, as it will perhaps be a subscription model with recurring payment, hostage taking of my data, and yet still turn out not to work for what I need. This is especially if I have to use 2FA to log into my MicroSoft account to use the app, if it only works while I am logged in...

(I use MicroSoft as little as I can. I also don't use Google unless I can't find something that works at all to replace it, so currently only Google Maps and Google Translate. I'm not saying I won't use them if they are the only, or very best option, but I am going to be grumbling "oh god, no, not THEM again" as my past experiences have been frustrating.)

I have been able to use my one and only e-mail for two factor authentication with a banking app for PC and with the CRA, probably because those two organizations have realised that they need to accommodate doddering users. I have even sometimes been able to use my landline where a robotic voice calls me and chants the security code, so if anyone knows a PC app that merely uses e-mail to receive text messages or turns it into a voice code, I am very interested.

Please keep in mind that I am in Canada, so it has to work here, and that I am not prepared to spend 35$ every month just to receive two security code messages. I have only one e-mail. And I can't see anything small.

Suggestions, please?
posted by Jane the Brown to Computers & Internet (42 answers total) 9 users marked this as a favorite
Bitwarden will generate some types of 2FA codes. See https://bitwarden.com/help/integrated-authenticator/

I think you might have to pay for the premium version but is only something like $10 a year.
posted by chr at 6:26 AM on June 2


Google Voice will give you a free textable phone number.
posted by Tell Me No Lies at 6:30 AM on June 2


Unfortunately there’s no easy solution to this.

For some services, email is an option.

For others, you could install a 2FA app on your computer. I would expect this to be the least widespread solution.

For SMS, you could get a Google Voice number, and you can access texts via the web. This is very hit-or-miss. This won’t work with most financial institutions.
posted by rhymedirective at 6:33 AM on June 2


Some 2FA setups will call your landline and speak a code to you, that you then type into the authentication screen on the website. This is how my 82-year-old mother who believes (incorrectly) that her dumbphone cannot receive texts manages her Apple ID.
posted by spamloaf at 6:39 AM on June 2


OP is in Canada so the free Google Voice option isn't available there.

I think that in your case, OP, I'd sign up for voip.ms Messaging Suite, which is based in Canada. They provide you with a phone number (referred to as a DID) that can accept texts for $.85/month, and then charge $.02 for each text message received. They have a portal for PCs so that you can use your existing computer to receive (and send) texts. No contract, purely usage-based except for the very small monthly fee.

While there are non-SMS 2FA solutions available such as Yubikeys or One-Time-Code (OTC) apps or Passkeys, the issue is support - there are providers who simply don't support those solutions, while almost everyone supports SMS. For now, I think a cheap Canadian VoIP SMS messaging plan is the all-encompassing answer if a cheap cell phone isn't in the cards.
posted by eschatfische at 6:43 AM on June 2


I should probably also add that voip.ms offer SMS text to email forwarding with the above Messaging Suite service.
posted by eschatfische at 6:46 AM on June 2


Last I checked, Google Voice isn't available to Canadians. It'll work in Canada but only if you get a number while in the USA. I've had a 415 number for more than a decade but got it while in the USA. Every 6 months of so Google makes me confirm I'm me and it won't allow me to do so from my Canadian phone number.

Jane the Brown, I'm happy to send you a flip phone for free if you want. I have one of these that is brand new. Not sure if the screen display is big enough for you. You'd have to let me know. You can MeMail me and let me know if you'd like it.

You might also want to check out a YubiKey from Yubico or a Solo Key. It would depend what service you're trying to log into.
posted by dobbs at 6:47 AM on June 2


Like other commenters, I think the discontinuity in types of 2fa offered by different websites/services will be the rub. Phone is close to universal; others will accept a code generated by software/an app, and a few (generally big companies) support a hardware key like Google Titan or Yubikey. These devices look like USB thumb drives and generally cost $25-50.

If you can make an exhaustive list of the sites you need to use 2fa with, you can probably round up information about what each supports and come up with a "best enough" guess at what will work for you.

I use a Yubikey. If you choose a hardware 2fa device, purchase and register two, one for daily use and a backupkept in a safe location. They do not need to be the same device; you just need to be able to register both keys (or a key and a second backup 2fa) for every site.

I also don't have a cell phone per se--that is, I don't have a physical phone, smart or "dumb," or other dedicated device used to make calls, but I do have a mobile number through Google Fi that allows me to recieve calls and texts on my computer (through Google's Messages app, generally). Because phone-based 2fa is effectively universal, this covers any situation where a hardware key is not supported. But using Google Fi does require a greater investment in the Google ecosystem than you may be willing to tolerate.
posted by pullayup at 6:54 AM on June 2


Numberbarn is a Canadian service that gives you SMS and voicemail on a Canadian phone number for $2 (sms) to $6 (voice) a month.
posted by dum spiro spero at 6:59 AM on June 2


Google Fi can also not be bought in Canada. It'll work in Canada, but you need to set up with a US credit card attached to a US address.
posted by dobbs at 7:03 AM on June 2


It's going to depend on what 2FA you're going to try to use. Some, like Okta are extremely flexible in supporting multiple options (but it's customer configurable, IIRC, so if who you're trying to connect to says, "no SMS or e-mail," you're out of luck if that's what you prefer to use.

Many forms of 2FA support desktop clients, including Google Authenticator.

Most of the authenticator apps work fine over Wifi, so you can buy someone's literal $10 old phone and put the apps on them. Once set up, they generally don't even need a network connection as long as the clock is accurate.

I have been able to use my one and only e-mail

I get that you're all luddite, but please set up an alternate e-mail and list it for recovery for your primary so if you get locked out of it (which can happen from no fault of your own) that you can get back in without having to spend a ton of time on it. I've spent sooo much time helping people like you who didn't do so.

As a note, while Google Voice is not a solution for OP because of being in Canada, it is also not a good option for 2FA for most people. I've never bothered to track down the cause, but Google Voice specifically does not receive messages from the SMS gateways that about 1/3 of the SMS gateways I've tried to use it with (including major banks). This includes having _had_ it work properly initially but then stop, making recovering the account a major pain.
posted by Candleman at 7:06 AM on June 2


Google Fi can also not be bought in Canada.
I thought that might be a problem. I was interpreting the claim "All Google Fi Wireless plans support data, calls and texts within the US, Canada and Mexico" as a possibility that it was available to Canadians, but I guess it means you you have to be a US person calling or traveling to Canada and Mexico. And since I'm in the US, I'm only seeing Google's info for USians.
posted by pullayup at 7:06 AM on June 2


I just want to caution OP (and others) that I've looked extensively at this problem as somebody who wants to have a "cell phone" for work 2FA so crucial accounts aren't tied to my personal phone -- as a charity, I don't want to pay for a cell phone just for that, though.

The vast majority of cheap "fake phone" resources and apps will not work as 2FA for all things. I'm a voip.ms customer, for instance, but their "SMS" service is not recognized as a cell phone and cannot be used for 2FA for banks, and Discord, among other things.

A very large number of services will demand "real" cell numbers and not VOIP or other simulated lines. Google Voice, Voip.ms, Burner... I've tried these and others whose names escape me.

At the end of the day a number is either identified by phone systems as a "cellular telephone number" or not. No services that I've found can spoof a cell number. Only cell numbers generated and issued by a cellular telephone provider in Canada work for these.

My last bastion for this was some sort of a Seven-Eleven pay as you go cell phone... the details escape me now, because I got busy with other things, but I think I got hung up on the fact that you still need to put a SIM card in a physical device for it to work.

Anyway: good suggestions above, but caveat emptor that "fake number" services are not cell numbers, will not be recognized as cell numbers, and will not work for key 2FA needs.
posted by Shepherd at 7:43 AM on June 2


I can't give any specifics because I've never tried it, but I believe both Android and iOS have fairly extensive accessibility options including text-to-speech. These should be available even on cheap models, because they're part of the operating system.

Also, adjustable font sizes combined with the ability to bring a phone right up to your nose might mean you don't even need that, depending on the type of vision difficulties you have.

And, in the worst case, there's always the tedious but effective workaround of copying the authentication message on your phone and emailing it to yourself such that you can open it on your computer. But that's not likely to be necessary.
posted by trig at 8:21 AM on June 2


I will say: if you've never used a smartphone much you'll probably find it very frustrating and annoying at first. It's probably worth just accepting that and telling yourself it will quickly become less frustrating as you get used to it.
posted by trig at 8:23 AM on June 2


Two choices that are not phone-based and also free: Authenticator.cc, which is a browser extension and KeePassXC, a desktop application
posted by O9scar at 8:40 AM on June 2


Shepherd, I use Google Voice and an American VoIP provider similar to voip.ms, and they work fine with the vast majority of the services I use. I have had a similar experience where Discord requires an actual phone, and there have been a few other edge cases over the years, but I do authentication this way for a broad variety of sites and it works fine. Given the low cost, I still think it's worthwhile for OP to try. The assertion that it will not work carte blanche is not in any way my personal experience.
posted by eschatfische at 9:08 AM on June 2


I've never bothered to track down the cause, but Google Voice specifically does not receive messages from the SMS gateways that about 1/3 of the SMS gateways I've tried to use it with (including major banks). This includes having _had_ it work properly initially but then stop, making recovering the account a major pain.

Yes...there are even institutions for which it works sometimes and not other times. Not sure what the back end issue is, but it's not reliable.

The advantage of a smartphone is that you can magnify the screen text in various ways, or even have it read to you (depending on system, of course). Not really all that different from what you're probably doing on your monitor. My very-low-vision friend does this routinely, although like all accessibility measures it's not perfect. However, if it's not affordable, it's not affordable.
posted by praemunire at 9:42 AM on June 2


What are my options if I just can't see well enough to use a cell phone? Is there some kind of larger device that counts as a portable, even if it's five times or ten times as large? A tablet or a notebook or something? I will rarely, if ever, be able to get someone to read it for me so it really has to be something I can reliably do without help. I want to be able to use it multiple times a day. Like I said, my optimal screen size is 32 inch. For comfort I sometimes even magnify that, using the Window's key and scrolling.

If I don't purchase minutes will I still be able to get text messages on a cell phone, using my home wireless network? Does an SMS plan require minutes?

It sounds like the consensus is that I need to get the cheapest cell phone and monthly plan to go with it that I can find, if only I can get a cell phone that I can actually see. I am getting the impression that any effort to get by without a cell phone will be regarded as an attempt to circumvent security, so while it may work at first, or work sometimes, it is likely to be only a short term solution. 2FA gets its security value from being used with cell phones, right?

(This is baffling me. Anyone intending fraud is going to easily be using burner phones. I have even in the past gotten random strangers at the library to let me use their cell phone number to get a 2FA text while using a library computer.... How is a cell phone considered to be safe verification?)

The reason I am down to only one e-mail now is because the free ones I used to have didn't get checked often enough so the providers dropped them, (Live, hotmail etc.) and because all the replacements I have tried to sign up for required 2FA to do the sign up..! A large part of why I want to get 2FA now is so that I can get a back up for that one ancient e-mail account before I lose connectivity entirely. Rest assured that getting back up e-mail is likely to be a priority.

dobbs, I would be grateful for the flip phone, so that I could fool around on it and try to see what I can actually do with something that size. I have a steep learning curve ahead of me, so any help with very first steps would be useful.

Thank you everyone for all the helpful information so far!
posted by Jane the Brown at 10:10 AM on June 2


Jane, if you get a cheap, modern Android smartphone and messaging plan, which can often be found very inexpensively, you can use Google Messages for Web to read the SMS messages an Android phone receives on any computer. You can leave the phone in the charger and just read the messages in a web browser. It's possible to do similar things with an iPhone and Apple Messages on a Mac or iPad, but I assumed (and I think the rest of the posters assumed) that's out of your price range.

I'm not saying this is applicable to your situation, but both myself (middle age) and my elderly mother (late-70s) recently had cataract surgery and we're both doing much better with reading screens. I empathize that using a cell phone was becoming nightmarish with age, but after cataract surgery our ability to read them has been restored. I'm not sure if this is an option for you.
posted by eschatfische at 10:22 AM on June 2


OP – take another look at Numberbarn. I have used it successfully for several years with 2FAs for banks, CRA, and other services in Canada. In fact, I use it in conjunction with Google Voice and Google Fi. (Yes, I've collected them all.)
posted by dum spiro spero at 10:26 AM on June 2


My mother has vision issues and sets the text on her phone to maximum font size and uses a magnifying glass to read from it.
posted by cooker girl at 10:45 AM on June 2


What are my options if I just can't see well enough to use a cell phone? Is there some kind of larger device that counts as a portable, even if it's five times or ten times as large?

Yes, search for tablets with a SIM card. (There are even some laptops that can accept SIM cards.)
(And yes, the 2FA method has lots of holes.)

I would not be that certain though that a phone would be impossible to read, especially one of the 6+ inch ones. The interface -- fonts, UI elements -- can be made very large, there is built-in screen magnification, and again there's text-to-speech. If you know anyone who has one, or can have someone set up with these settings for you in a store, you can evaluate if any of these makes things accessible for you.
posted by trig at 10:51 AM on June 2


By the way, proton mail is a free provider that I'm pretty sure lets you set up an account without 2FA.
posted by trig at 10:54 AM on June 2


Yes, search for tablets with a SIM card.

Not all tablets with SIM cards do text/voice, though. E.g., iPad, even with cellular capability, doesn't (I was surprised to learn). Confirm before you buy!

My friend is sufficiently visually impaired that she has to get an escort through the airport when she flies--she has her CNIB card and everything--and she can use her iPhone with the accessibility features (though not without some frustration). I know that impairments vary, but I wouldn't assume it's beyond your capacity, especially for something you need to use like twice a month.
posted by praemunire at 12:13 PM on June 2


Yes, search for tablets with a SIM card. (There are even some laptops that can accept SIM cards.)

There are 4G and 5G USB dongles so that basically any PC or laptop can accept a SIM, although not all of them (like the laptops with an integrated 4G/5G option) can do voice so that they're recognized as a valid phone number for those 2FA implementations that require that. SMS will be possible with nearly all of them.

Another option would be to get a phone that can drive an external screen allowing it to display on that large monitor. This would likely require pressing a button on the monitor to switch inputs, allowing to see the 2FA code and memorize it or write it down, then switching back to the PC to enter it in the application.
posted by Stoneshop at 12:35 PM on June 2


This program may or may not be appropriate for you, but if not the organization still might have some other ideas that could help you.
posted by JanetLand at 12:52 PM on June 2


smartphone and messaging plan, which can often be found very inexpensively ….

Note that the OP is in Canada. The concept of “very inexpensively” does not apply there to any kind of data plan.
(source, me, a Canadian, who works for a company that makes heavy use of cellular data for devices operating all over the world. We review data availability frequently, but still Canada is 5–10× more expensive than any other country for data plans.)
posted by scruss at 1:12 PM on June 2


One way that 2FA often works is to send you a code by text message. I don't know how that would work with a landline. I have heard of text messages being converted to spoken text to send to a landline.

Another way is for you to use a smartphone to scan a QR code into a 2FA-keeper app. Importantly, this smartphone doesn't need a cellular connection. It probably doesn't even need wifi (although you might as well hook it up) You could find an old smartphone for sale cheap; as long as it works, it would work for this. The 2FA-keeper app I use shows the rotating codes in pretty big type, and I could probably make it bigger if I played with the accessibility settings on my phone.
posted by adamrice at 1:40 PM on June 2


Note that the OP is in Canada. The concept of “very inexpensively” does not apply there to any kind of data plan.

My understanding is that SMS is generally included in "talk and text" plans even in Canada and that SMS messaging, by design, does not require a data plan. OP could be on a talk and text plan, connect a smartphone phone to Wi-Fi, and receive text messages on their PC via Google Messages without a data plan. Please correct me if I'm wrong.

I do understand that a cell phone plan in general is generally higher in Canada than in the US.
posted by eschatfische at 1:59 PM on June 2


I'm not saying this is the cheapest thing around, but Telus will roll over remaining minutes on its $100/one-year prepaid Talk and Text plan, as long as you buy another $100 the next year (and register it before the old one expires).
posted by sardonyx at 2:08 PM on June 2


Please check out WinAuth. It's a free, standards-based open source 2FA authenticator that runs on the Windows desktop. We use it as a non-phone authenticator where I work. I don't know for sure that it works in all the cases you would need it for, but it seems like a good place to start. You may need someone to help you set up and run it for your applications, but it may be just what you need. It has no external dependencies except the .NET 4.5 Framework.

From the website:

Support for multiple Authenticator services

WinAuth supports any service or website that uses the Google Authenticator, Microsoft Authenticator or an RFC 6283 based authenticator. It also supports games such as Battle.Net (World of Warcraft, Hearthstone, Diablo III), GuildWars 2, Glyph, WildStar, Runescape, SWTOR and Steam.

Portable

WinAuth requires no installation and is a single executable file, and so can be run from a USB drive or stored and run from cloud files services such as DropBox, Google Drive, or SkyDrive.

If your configuration file (winauth.xml, normally stored in your Windows roaming profile) is in the same folder as the WinAuth program, it will use that instead and switch into “portable” mode, not saving any other information to the computer.

Microsoft .NET Framework 4.5 is required.

Multiple Authenticators

An unlimited number of authenticators can be stored, each with their own personalized name and icon for quick reference. The WinAuth application can be sized as preferred or automatically displayed to fit.

Automatic or On-Demand

Each authenticator can be set to automatically display and refresh the current code or to only calculate and show the code when clicked.

(There's a lot more information there.)
posted by lhauser at 4:16 PM on June 2


Reminder that our Luddite is in Canada, and ADA doesn't apply there (though there may be similar laws in Canada, I don't know).
posted by lhauser at 5:18 PM on June 2


You don't need a data plan for cell phone text message 2FA, just one that lets you receive text messages.

With most plans, receiving text messages is free. So if you don't want to use this as a phone, the goal would be to find the cheapest plan and you should be able to receive texts. Bring your own phone plans tend to be cheapest. I have used this website before to compare phone plans. The cheapest I found where you have no data, calling or texts included (but which would still be able to receive texts), was $8/month.

You may also be able to use another type of pay as you go phone without an ongoing plan, I don't know much about that.

I second that if you use an android phone you can then use Google messages on the web and magnify the messaging that way as much as you like. But there is a pairing process and I have sometimes had to repair multiple times. There are accessibility options that put a button on the screen to allow you to zoom in as much as you like. In this set up, the only time you would have to use the phone interface is to set up the pairing.

If I were helping, I'd try the android phone and remove or hide all other apps except the text messages, making the text messages the only app on the home screen. When you are on your computer and enter the phone number, you'd get a phone notification. Even without the browser access, you might be able to see the code if you zoomed the text all the way in so it fills the whole screen. If not, you could try the browser. The pairing might require help.
posted by lookoutbelow at 8:04 PM on June 2


Jane, somebody unthread mentioned the CNIB. I wonder if they might have some advice for you. It won’t help you right now but they also offer free phones if you’re registered with CNIB.

Fido has a $15 basic phone plan with unlimited incoming texts. Read the plan carefully, carriers are often tricky.

Rogers (buyer beware) has $25/month plan that could include a phone if you’re eligible. Again, read the fine print.
posted by ashbury at 8:12 PM on June 2


[Derail removed. Please focus on helping the OP directly with their problem.]
posted by taz at 9:17 PM on June 2


I am also a person that does not have a cell phone. I have called customer service at my bank, my credit card company and my broadband provider and told them I cannot use their 2FA and they need to provide an alternative. My bank and credit card provider send me an email for authentication and then call me on my landline and give me a code that I can use to verify. My broadband provider sends me an email verification the enter when logging in to my web account. It was a bit of a hassle making the calls and I just doggedly persisted that their verification problem is their problem to solve, not mine. I've had to repeat the process of calling and wrangling with my bank when they updated their website but it was easier the second time to get them to accommodate my needs. I use a 32" monitor too. Good luck and don't take no for an answer.
posted by a humble nudibranch at 9:40 PM on June 2


Seconding Bitwarden, it supports all the 2fa and passkeys I need on windows (you need the paid version but it's really cheap).
posted by samj at 11:31 PM on June 2


Why is this even a problem?
A password is secret knowledge known only by you and the service you're accessing. People reuse passwords across sites. When one site gets hacked and spills username/password combinations, criminals then use those username/password pairs to access other sites.

2FA or multi-factor authentication puts an extra secret into a thing you have, whether an app, a cellphone SMS or a hardware device. Companies can't stop you re-using or having weak passwords, they've now got another way to check you're who you say you are, onethat criminals can't easily use. (I don't know about Canada, but in the USA there's organised crime that pays workers in cellphone companies to reassign cell numbers to SIM cards they control when they want to steal someone's account. This is why an app or hardware device is preferred to SMS.)

I also don't use Google unless I can't find something that works at all to replace it, so currently only Google Maps and Google Translate.
It doesn't have routing, public transit or traffic information, but https://www.openstreetmap.org/ has maps for old-fashioned find-your-own-way travel.
posted by k3ninho at 12:39 AM on June 3


2FA gets its security value from being used with cell phones, right?

Not quite. 2FA combines something you know (your password) with something you have (a device with which you can respond to a verification challenge). That device can be a cell phone to receive an SMS, a smartphone or tablet running an authenticator app, a standalone authentication widget and some other, less common options.

I used to have a standalone RSA token, showing a random 6-digit number changing every minute, the 'seed' of which was synchronised with the authentication server at work. After entering the number shown plus a PIN, I would get to enter the password. This was phased out and now it's an RSA app on a smartphone I have. This smartphone does not have a SIM installed, but is _very occasionally_ connected to WiFi at work; it went a year without any connection at all and I fully expect it would have kept working even if I had kept it off the net. I've also used that app on a SIMless tablet.

The only challenge would be to get the applicable app on your smartphone or tablet, and have it added as your 2FA device for the service you want to access. Both of these steps should be needed only once.
posted by Stoneshop at 3:45 AM on June 3


My current android phone also has:
- increase display size, text size, bold and high contrast text
- screen reader (activated using volume keys)
- screen magnification (previously discussed)
- select text to speak
- voice access (using voice commands to navigate the phone)

Google assistant can also read out text messages.

Again, though, you might need help to set up these settings and to figure out the best way to use them for you.

I'm sure iPhones have similar features.

There's some complicated discussion here about setting up prepaid phone plan without a credit card using public mobile and purchased vouchers. I don't know if that would be better than subscription options.
posted by lookoutbelow at 5:29 AM on June 3


Some telephone companies have a Text-To-Landline service where the phone rings and the text message is read to you. I'm not familiar with Canadian telcos but Bell and Roberts both mention it on their websites. It is usually paid for by the sender rather than the receiver.

It might be worth a try before you invest in anything else - try having someone text your landline and see if you receive anything. If it works, you can use your landline for 2FA just like a mobile number.
posted by paulash at 5:44 AM on June 3


« Older Good, clear, concise "immigrants are not the...   |   Small Batch Fruit/Booze Preserve Tips? Newer »

You are not logged in, either login or create an account to post comments