Retrieving the 6-digit code from a phone

[ColourOz]

Is there a way to overcome the 6 digit verification code which requires a phone? Personally I do not have a phone 'attached' to me 24x7, so needless to say, and regardless of 'rulings', is there a way to overcome this code?

 

[siliconbeaver]

MSFT also offers a web solution,

https://virtualsupport.microsoft.com/

but it's unreliable. NOT always working. so far I have only got it working 1-2 times. most of the time I had to go through phone as the web, whatever I tried, failed to work.

 

[dg1261]

Is there a way to overcome the 6 digit verification code which requires a phone?

What 6-digit code are you referring to? You're probably referring to "Two-Factor Authentication" (2FA) as a second layer of security, but there are different ways that can be implemented.

The most common (and least secure) method is "SMS-based", in which the webserver to which you're trying to login will send a 6-digit authentication code by SMS to your phone, which you must then regurgitate into a form on the webpage to verify it's you. If this is the method you're faced with, any alternatives are limited to whatever the webserver supports. For instance, Google products support a half dozen different methods, and when logging in there will be a small link to "Try another way" if the default method is temporarily inconvenient or unavailable.

But Google decides what those "other ways" might be. The web service you're dealing with might have different choices, so you'll have to login to your account and explore if and what alternatives are supported. Choices might include sending an email, sending a text, sending an automated voice call, using a "Time-based One Time Passcode" (TOTP) app on your computer or smartphone, using a hardware key (e.g., a "Yubikey" you plug into a USB port), and more. You'll be limited to which of these methods your web service supports.

Unfortunately, the vast majority of US banks and financial institutions -- an industry most in need of good security -- are woefully behind the times and support only the weaker SMS-based 2FA and nothing else. So sad. Hopefully, your Australian banks aren't as bad as the US.

I'll make an additional comment on TOTP apps (of which "Google Authenticator" or "Microsoft Authenticator" might be the most familiar to the general public). Those are marketed as smartphone apps, but FTR note there are equivalent desktop apps that do the same thing, so strictly speaking a smartphone is not required. If the web service you're dealing with supports "Google Authenticator" or similar, your best bet might be to enable that option. You can substitute "WinAuth", a desktop app, for a smartphone. There are also password managers -- such as KeePass, LastPass, BitWarden, et al -- that include a TOTP 2FA authenticator function, so you can use the same app for both passwords and 2FA authentication.

Regardless, your first step will be to explore what options are supported by your web service.

 

[ColourOz]

Thank you dg1261; your reply is excellent.

I am referring to the 6-digit SMS. Strange as it may seem, my phone is used for telephone calls, my desktop for emails. I have not had the option of signing in 'another way' unfortunately.

 

[dg1261]

Unfortunately, if the company you're dealing with only supports SMS-based 2FA and nothing else, there's not much you can do -- other than complain to them. And keep complaining; every time they send you a "customer satisfaction survey", give them low marks and complain again.

The only other alternative I can think of is if you can use a virtual telephone number, but that's a real long-shot. For instance, I've managed to use a Google Voice number with my banks and credit card companies, which is quite convenient for me because I can access my GV number's texts and voice-mail from my desktop (via google.com/voice).

But GV is only available in the US, and even then it's becoming more of a long-shot because increasingly companies are using a proliferation of AI wizards to sniff out phone numbers that aren't tied to a specific SIM and declaring virtual numbers as "not a valid cell number". (A few months ago I managed to get a human customer service rep at a credit bureau to intervene and override their system's block of my GV number by proving to her I could receive texts she sent, even though their AI system said I couldn't.)

So maybe there's a cloud-based telephony service available to you in Australia that your laggard provider will let you use, but I suspect you're probably just out of luck until the company comes into the modern age.

 

[Aardvarkly]

[QUOTE Strange as it may seem, my phone is used for telephone calls, my desktop for emails. I have not had the option of signing in 'another way' unfortunately.[/QUOTE]

I feel your pain. I suffer from the same plague here in France. I had to buy a "smart" phone (that I have no other need for) because my bank insists on only sending the 2FA security codes by SMS to a phone. My particular moan is that I have a very poor to non-existant mobile signal here at home so it is still sometimes non-functional.

 

[SIW2]

Personally I do not have a phone 'attached' to me 24x7

Strange as it may seem, my phone is used for telephone calls, my desktop for emails.

That is common and sensible.