Our banks, our social media, and even our blogs are increasingly requiring a special code – called two-factor authorization – to log in.  Usually, they’ll send this code via a text to our cell phone.  But what happens when a cruiser doesn’t have a cell signal, and can’t receive that text?  Here’s how to solve the “login codes without cell signal” problem for cruisers.

S/V Mobert’s “login codes without cell” conundrum.

It was another beautiful day in the Sea of Cortes.  We’d discovered yet another one of the many hidden treasures sprinkled throughout Baja, and were enjoying it immensely.  It was a large restaurant servicing a tiny, private resort in Middle of Nowhere, BCS, Mexico.  Unlike many resorts, this resort welcomed cruisers with open arms.  For the price of a cheap meal and a drink, cruisers could enjoy the restaurant, its three swimming pools, the waterslide, free arcade games, pool tables, and shuffleboard, and that one, elusive thing cruisers can’t seem to get enough of: free wifi.

I ordered my breakfast, and sat down with my laptop as I watched the girls playing in the pool.  Today was going to be a great, day, because I was going to get things done.  Banking, checking some selling features we were experimenting with on Amazon, and email – we hadn’t had internet for over a week, which meant today was going to be epic.  I opened my laptop, logged into the wifi (it actually works!), and dove right in – nothing was going to stop me now!

Of corse, nothing on a boat ever goes as planned, and today was no different.  My progress immediately halted when I tried to log into my bank, and this little doozie popped up on my screen:

My bank requires login codes over cellular for certain features.

Yep, before I could log in, my bank was going to send a login code via SMS text to my cell phone.  Of course, we were in Middle-of-Nowhere, BCS, Mexico, where Carlos Slim had yet to grace the resort with his cellular presence.  I couldn’t complete the login codes without a cell signal, so my bank wasn’t going to let me log on.

I went to Amazon.  Two-factor authentication was also enabled there, and they also insisted on texting me a code via my cell.  Frantically, I tried to log into my Gmail.  Again, two-factor authentication barred my path.  In my efforts to keep my accounts secure, I had managed to prevent anyone without a cell signal from accessing my accounts – including me.  A whole week with wifi at a restaurant most cruisers only dream of, and couldn’t get a darn thing done, thanks to two-factor authentication?  Was this place really cruising heaven, or a cleverly designed cruisers’ hell?  (Okay, who I am kidding, it was still an amazing week there!)

What is two-factor authentication?

Login codes are a kind of two-factor authentication.  Two-factor authentication adds a layer of security to your accounts.  The first layer of security on most of your accounts is your password.  Adding a second factor – a seemingly random and temporary code – ensures that, even if someone steals your password, they still can’t log into your accounts without a second step.

In most cases, the second factor is your cell phone.  You receive a text on your cell with a special code you need to enter in the website along with your password, and that code is the second factor.  But we’re cruisers, and cell signals are few and far between.  So, we can’t use SMS login codes without cell signals.  What are our options?

Best Solution: Use An Authenticator

An authenticator is an app or a device that generates a seemingly random code at regular intervals.  It uses a secret algorithm to do this.  You enter that code into the website, and the website has its own secret algorithm to check the code, so that it knows what the correct code is at any given time.  So, if you first enter the correct password, and then enter the correct code shown on the device at that time, the website authenticates you, and lets you in.  If the code is wrong, or is an old code, you’re not authenticated, and not allowed to enter.

An example of an authenticator device from Wells Fargo. Many banks will provide these to customers for free.

Some banks and websites will offer to ship you an authenticator device.  It’s  a small electronic device about the size of a house key, with a screen to display the code.  Simply enter whatever code the device shows you at the time, and you’re in!  No internet or cell signal required.

Screenshot of the Google Authenticator app in action.

Not all websites offer an authenticator device, but you can still get your login codes without a cell signal.  Both Amazon and Google support Google Authenticator, a free app you install on your phone, and then use when you don’t have an internet connection.  This app is slick because you can use it with multiple websites, or multiple accounts on the same website, and each website/account has its own login codes.  When prompted, just enter the code shown for that login, and once again, you’re in like Flynn.  (Assuming Flynn has an authenticator, of course…)

We have yet to run into a two-factor website that doesn’t either: (1) offer its own authentication device; or (2) work with Google Authenticator.  What websites do you use that require two-factor authentication?  Have you had to use any other apps or devices to log in?

An Alternative Solution: Google Voice

If you’re logging into any website requiring two-factor authentication, then you must have internet access.  So, if you could get your SMS text authentication code via the internet rather than cell, your problem would be solved.  Turns out, you can.

We recommend the authenticator solution above, because it’s arguably more secure and doesn’t require ANY data connection or access to email to get the code.  But, some cruisers get a free Google Voice phone number for authentication.  With Google Voice, you get a free phone number where you can receive text messages (among other things).  You can log into Google Voice to retrieve your SMS authentication codes, and other texts.  The drawback to this solution is that you can’t enable two-factor authentication on your Google Voice account (since you need to log in first to get your code, and you won’t be able to log in if the code you need to log in stuck behind a random Google extra security code request).  It’s also arguably less secure, because anyone who gets the password to the connected Google account can now log in and retrieve any access code they want.  Finally, if you’re trying to use your satellite data effectively, having a second website to log into can be a big data hit.  But, it remains as a way to retrieve login codes without a cell signal.

The Take-Away: Protect yourself with two-factor authentication, even when you don’t have cell service.

You don’t need to turn off your two-factor authentication, and reduce security of your internet accounts, just because you’re cruising.  Keep your logins and you data online safe by using an authenticator, or an alternate phone number, for your authentication codes.

Have you found another solution that works well?  Please share in the comments below!