[byteflip]

As someone who’s moving overseas shortly, changing/removing your number is a nightmare. It really is the primary UID. So many things use it for 2FA. In a lot of cases you HAVE to list a phone number. I ported my number to Google Voice as a decent alternative, but you kinda have to know what you’re doing ahead of time. My gf who moved first did not and deeply regrets it.

[fooqux]

It's also not a long-term solution. At some point, your ported number will be updated and flagged as a "voip number" since it's now associated to Google Voice. At that point, you'll start having issues as many services don't like it when people use a number they can acquire for free in a couple minutes as the UID.

[Scoundreller]

Doesn’t work that way for Canadian numbers. Only original issuer is public info. Porting info is on a need-to-know basis (ie: telecoms need to terminate calls; but that’s it).

This can work against you of course, so a good strategy is to get a burner phone and port that number to your VoIP provider.

[lxgr]

SMS gateways know the destination provider too, and I believe this is how blocking VoIP numbers is implemented in practice.

[toast0]

Before I retired (2019), I was getting emails from our telecom providers that Canadian regulators were mandating that they not share porting information with customers (us), although it was generally available before, and was still available in other countries of interest (mostly US), for a fee.

[giaour]

Shouldn't it be the same for the US and Canada? Both are administered by NANPA. Last time I looked into this (early 2020), you generally couldn't get porting info for US numbers, though original issuer was public and easily accessible.

[Scoundreller]

Since US and Can have number portability, it’s managed by a Number Portability Administrator. That’s Neustar in Canada:

https://www.npac.com/canadian-number-portability/the-npac-ne...

[byteflip]

Great to know, so far I’ve been able to still receive SMS 2FA messages but it’s only been a couple of days since porting.

[delecti]

I've used a google voice number as my primary number for quite a while, and it's actually pretty rare to have issues with it. I'd say that much less than 1/10 of services require me to use my cell's actual number.

[amichal]

Google Voice needs to be linked to a valid +1 land or mobile number to function long term. My google voice number lasted for almost exactly 6 months after the us cell number it was linked to was disconnected (moved overseas for a while). It’s classification as a valid mobile lasted a bit less long and now I can not use it to send/receive SMS at all (voice mail works but it will not ring through and I can no longer use it to call. Before that many banks etc stopped Sending SMS 2fa messages through (as the are supposed according to latest NIST guidelines). Thankfully (?) the same banks seem ok to do voice 2fa to my overseas number. Sadly the still do not support better mfa Authenticators.

Would love to know how to maintain a US SMS presence without sketchy obviously for spammers products.

[kernelbugs]

I've been using jmp.chat and have been pretty happy with them. But I haven't tried using them as 2fa provider, they may be blocked by places that block common voip providers.

[dvngnt_]

discord is a big offender

[namecheapTA]

Burner phone numbers in the US seem to be of a particular range of numbers and can also be flagged. I used to use pay as you go burners for random tasks in the past and noticed they gave me trouble when trying to use them to get verification codes sometimes.

[remram]

I'm not sure what you mean when you say "burner phone". I know for a fact that you can get a regular prepaid plan from T-Mobile and pay for it cash, no IDs; that fits the "burner phone" requirements for me. Do you mean that every prepaid plan uses that range of numbers?

[Scoundreller]

Prepaid plan vs post-paid, probably not, but some discount prepaid providers are probably considered “less trust-worthy”, or less profitable when evaluating VoIP numbers.

[ant6n]

I went abroad from Canada for two years, tried to park two numbers to Virgin on cheap prepaid (still paying 5-10$ just to hold a number). Well they fucked up credit card payments on both accounts, closed them after a couple of months and stole our numbers. So aggravating to go through the trouble of parking the numbers, paying perhaps 300$ and then the aggravation of trying unsuccessfully to get those numbers back, and the aggravation of trying to figure out which services use those numbers for 2FA.

Canadian telcos are basically a scam (and Virgin is now my top hated one, assholes).

2FA using phone numbers is idiotic.

[remram]

For sure, the second factor is supposed to be "something you own" and phone numbers are not that.

[Scoundreller]

Should have portes to VoIP.ms or similar.

[julianlam]

That's interesting, although my ISP seemed to know I was calling from a VoIP number (my "land line", as it were). She even knew my secondary number was a VoIP number.

I think in the end she put one of the numbers down in the application after a little pursuasion.

[bityard]

For whatever it's worth, that's not permanent. My current number was originally a GV number and used to get flagged as a voip number. But I ported it out to a mobile carrier a year ago (which Google makes you pay for) and haven't had an issue since.

[refurb]

What I’ve seen is services will verify the number at sign up then never again.

[j_calvert]

I ported my number from Google Voice to Google Fi and lost all the SMS messages sent/received while using the number with Voice.

Mentioned this to a friend who works at Google on their messaging products. His take: "Yup. It's a mess"

[el_nahual]

I did the same switch and can still access all my old SMS's and voicemails at voice.google.com

[ghaff]

The dark side of the mobile number portability that we all wanted. I wonder what would have happened in the alternate universe where a lot of people would presumably have been changing mobile numbers with at least some frequency.

I also have to wonder how Google Voice has survived Google's ax all these years.

[lxgr]

For Google Workspace accounts, it's a paid service (I believe $10 or $20 per number and month). The personal version is presumably a loss leader.

[krallja]

> I also have to wonder how Google Voice has survived Google's ax all these years.

The infinite surveillance capacity of an monitored voice line?

Millennia of training data for AI speech synthesis and recognition?

[dasil003]

Probably because execs use it.

[TedDoesntTalk]

I’ve lost access to a phone number on Google Voice. After my parents died, I ported their landline to Google Voice. This number was in my family for more than 50 years.

After porting a second number into Google Voice (and involving Google Fi) I lost access to the first. A 50+ year old phone number that everyone important to me already had memorized.

If you call the number now, it’s answered by a Google voice subscriber message. So I know the number is still with Google. I just can’t access it anymore.

[hirundo]

After ~15 years with it, starting back in the GrandCentral days, I recently moved from Google Voice to voip.ms, on my path to degoogling. The new service is paid, in a competitive domain, and so needs and has excellent customer service, and a much improved set of features. I'm happy to be the customer instead of the product.

[asdfqwertzxcv]

Are you me? Exact same story. How are you making/receiving calls and texts now?

[couchridr]

Kinda sounds like you are him. Is this forum better or worse with your product placement tricks?

[JacobThreeThree]

Why don't you just contact Google customer service?

I'll be here all week.

[TedDoesntTalk]

Really? Have you ever tried that?

[iLoveOncall]

Wait until you move to your new country and discover that you need a local bank account to get a local phone number, but you need a local phone number to open a bank account.

[GekkePrutser]

Yes Ireland has this too. It's frustrating. They don't have a population registry so proof of address is a 'utility bill'. But to sign up for utilities you need a bank account which requires proof of address. Well you get it.

Also relying on something from a commercial entity that's so easy to fake is weird.

[ghaff]

It's sometimes the case in the US as well. When I got my RealID driver's license I had to show some sort of utility bill as a proof of address--which, as you say, could be pretty easily faked.

[kevin_thibedeau]

I recently did this and had two utility bills. But two isn't accepted so I was given an affidavit form where I wrote down that I was who I claimed to be.

[GekkePrutser]

Lol if you're going to take the user's word for it, why even bother asking for proof :)

[kevin_thibedeau]

It was pretty ridiculous. I already had a passport, other state DL, SSN, and birth certificate. The points for proof of residence are the dumbest part of RealID.

[lelandfe]

Note that many services do not permit Google Voice numbers!

Instagram and Facebook will quickly disable your account and demand a real phone number. I recently had a delivery app inform me at signup that it's not even a real phone number (it happily slurped up the submitted Voice number and later sent me ads about pizza anyway)

[curun1r]

I tried something similar when I went overseas. In my case, I tried to use Twilio and even got everything setup to forward correctly to the number I got in whatever country I was in at the time.

But that doesn’t work for 2FA. I ended up locked out of my online banking accounts for my whole trip and it was a huge headache. My recommendation would be to port your number over to Google Fi and then just use that in whatever country you’re going to. It’s a bit more expensive that local cell service in many countries, but there’s nothing like having your phone just work wherever you go.

[gorbypark]

I ended up porting my (Canadian) number to a cheap pre-paid MNVO service that was $100/yr for unlimited talk/text and no data (within Canada), but seemingly allows me to roam forever and receive SMS for free. Cheapest option I could find in Canada, besides maybe some VOIP providers.

[orblivion]

I think this goes to the fact that we need a new sort of UID. Something thought through very carefully rather that something that comes to be. There's a sort of hidden infrastructure, hidden legacy, hidden stability that's been built around phone numbers and email. For instance, "valid Google email address" is a proxy for "a real person with X likelihood". Same goes for SSN + demonstrated knowledge of your last few residences, etc etc. It's a mess.

Start from first principles, what do we really need to know about a person? What could we build? On the other hand, maybe if it's too good it'll be bad for privacy, and escaping into the shadows, should that become necessary for someone.

[aarreedd]

This a problem some people are trying to solve with blockchain technology.

I'm not necessarily saying this is a good idea. It's just an interesting potential solution.

[orblivion]

The question I think I'm getting at is about who you are and why that matters in a given case. Blockchains are good for keeping identities intact once established, which is different though maybe it'll help overall.

[jdeibele]

https://support.google.com/voice/answer/1065667?hl=en#zippy=...

I've paid the $20 Google charges to make a number "permanent" once for myself and a couple of times for organizations.

For myself, it's a highly secure phone number. I still only use a phone number when I absolutely have to, like with Twitter, preferring to use a hardware key or Authy.

For organizations, it's like an answering machine. My kids' soccer club had a cell phone that was supposed to be answered by the VP when parents or coaches had messages. It was much easier to port the number into Google Voice, put it into Do Not Disturb mode permanently, and have the transcriptions forwarded to the VP on the extremely rare occasions that there were any.

[CamelRocketFish]

I kept my old number and switched it to a provider that offered a yearly prepaid plan with an eSIM. $20 a year and I can keep my old number and switch to it as an active sim to receive a 2FA whenever necessary. I agree to always using 2FA via TOTP however.

[judge2020]

To add, I've experienced a few too many services that seem to block Google Voice numbers for 2fa purposes (although, maybe they're blocking based on area code and there wouldn't be a problem if I ported my existing number to GV).

[lxgr]

This is pretty common, unfortunately (and a major factor in choosing a service provider for me when there are multiple options).

[Mikeb85]

This. A bunch of Canadian government interactions also use SMS as 2FA and I live abroad for months every year. At least most tech companies let you switch to an authenticator app...

[ihateolives]

But you still get SMS when roaming?

[Mikeb85]

Canadian roaming rates are so utterly shit the SIM card comes out the second I'm on the plane. It's like $15 per day to roam in the EU. Not per month, per day, let that sink in... I can get a plan in Europe for 30€ month that puts my Canadian plan ($90/month) to shame...

I'm not paying $450/month to roam...

[gst]

> Canadian roaming rates are so utterly shit the SIM card comes out the second I'm on the plane. It's like $15 per day to roam in the EU. Not per month, per day, let that sink in... I can get a plan in Europe for 30€ month that puts my Canadian plan ($90/month) to shame...

That's cheap. My Austrian provider charges 1 Euro per 100 KB when roaming in Canada (no - that's not a typo). So for 10 GB that's a cheap 100k Euros.

[ihateolives]

Ok, I see. That's nuts. I've been to Canada with my EU SIM but apart from each SMS costing few cents instead of being free if didn't cost me much to keep using 2fa.

I currently have plan for 22€ that gives me unlimited everything in my country (maybe there is cap to minutes but I don't call much) including unlimited data + 10gb data in EU.

I remember that in Canada I was paying through the nose for some basic pathetic plan though.

[lxgr]

Not very reliably, usually.

[trinsic2]

I removed all mobile based 2fa from all my sites that rely on it and strictly use TOTP and u2f. Now I only subscribe to services that provide this kind of authentication. There are a few sites that I still use that rely on SMS 2factor but its a short list now. Most of my sites that have TOTP and U2f support have the option of using SMS auth but does not require it.

[ihateolives]

What's exactly the problem? Is this something US specific? I've been living in different countries for years and always kept my original number in addition to getting local number as well. Never had any trouble with 2fa.

[lxgr]

There are many problems with this approach (I'm using it currently as well, out of necessity, not choice):

- SMS delivery is not always very reliable when roaming.

- Prepaid SIMs usually expire after a while of not topping them up.

- Good luck losing one of these SIMs and getting a replacement abroad. (eSIMs make this both better and worse.)

[ihateolives]

Ok, fair enough with the third point.

Never had missed SMS while roaming and I don't use prepaid as primary number. Have had same number for 20 years now.

[ankaAr]

I Will face the same soon.

There is a guide or something to help you with that?

I know that is just a simple task, but it is a really long chain of stuff to do and prevent yourself being at the other side of your services

[herbst]

I lost my SIM shortly after I moved and never got a replacement. I advocate against phone numbers since then :)

My best advice is to find alternatives and don't depend on anything that depends on a phone number. Things can ALWAYS turn wrong.

[byteflip]

It’s probably trivial for the average HN reader, the key is to do it before you move. Otherwise it can be difficult since Google Voice is not available in most countries. (Will need a VPN). FYI iMessage is real wonky that I’ve removed my phone number.

Should be obvious but you will lose your phone service, so you want to time it close to when you are leaving.

[javajosh]

The hardware solution is either to have two phones, or one phone with two sim cards (which are common in Europe, for example).

[pkulak]

And most things block Google Voice.