[havan_agrawal]

Your comment takes an (unfair IMO) position that it somehow matters what country the OP was in. It's not like the auth systems are designed for higher scrutiny in specific countries. There is more than one way to confirm identity, but somehow BigTech and Co keep assuming a happy path environment for you.

Case in point: my US bank insists on sending an OTP to my US number (and US number alone) for any transaction, making it impossible for me to move money when abroad. The problem exists in the other direction too, my foreign account only allows verification thru one mechanism. It's really frustrating.

[MR4D]

I worked in the payment card industry for awhile a few years back. There are entire countries that are blocked by card providers due to fraud.

Unfair or not, it actually makes a difference. I was in a neat position to see some of the attempts in real time. It blew me away how much attempted fraud there is. Think of it like spam email - it's that bad.

[LeifCarrotson]

I was the operator of a webserver for a small B2B shop for a number of years. We only had a couple dozen local customers, we hand-delivered custom orders with a dedicated truck. If you weren't local, there was nothing on that website that would have mattered to you.

But there were on the order of 50x more attempts from bots trying to log into our Wordpress instance from India (all illegitimate) than from actual customers. It was ridiculous.

[aendruk]

Similar situation for a local small business I’ve worked for. Typically I’d respond to contact form spam with a notice to the source network. US-registered networks tended to reliably address the problem while IN- just ignored me, if their contact information worked at all.

[PKop]

>It's not like the auth systems are designed for higher scrutiny in specific countries

Of course it matters and of course they are.

Everything you describe and OP describes are frictions that apply by virtue of you not being in the US, on purpose.

[woobar]

> sending an OTP to my US number (and US number alone) for any transaction, making it impossible for me to move money when abroad

Strictly speaking it doesn't make it impossible. You have made a choice not to pay roaming fees while using your USA number while abroad.

[codegeek]

SMS on roaming can be a hit or miss. I travel internationally every year and I am always worried that some SMSs wont reach and it happens from time to time. I especially hate those product/services that only do SMS based 2FA.

[harshalizee]

Nope. I travel to EU often with roaming on. OTP SMSs for many services don't come through. It's a real pain.

[woobar]

Very strange. How about regular SMS? Are they dropped too? I had zero issues with TMo, and I don't even need roaming for this.

[harshalizee]

It's weird, regular SMSs do come through, as far as I know. It's hard to tell as I don't get many SMSs, mostly iMessage and Whatsapp. I'm on AT&T, and something about automated messages from those 5-6 digit numbers never show up when you want them to.

[bberenberg]

Just FYI (because your OTP hell was my OTP hell until recently) if you fly to another country, disable roaming in the phone, and don’t make outbound calls, your phone will receive these OTP messages for free with most US cell providers.