Cell phone now needed for Social Security AND Bank login

[Gentleman.Jack.Darby]

After figuring out, with relative certainty, why Bank of America SafePass SMS verification codes won't go to my Google Voice number and realizing that it may be awhile, or never, until Google implements an e-mail to SMS gateway, I started thinking about ways, in addition to PushBullet or AirDroid, to get BofA SMS verification codes to places other than my cell phone.

I found another way that some might find easier to implement and easier to use, is probably just as reliable, and can (and probably should) be used in addition to PushBullet or AirDroid to ensure redundancy.

What I found were SMS forwarding apps that are installed on the phone that receives SMS verification codes and then forwards SMS or MMS to the phone number, e-mail address, or both, of one's choosing.

The prime criteria for choosing the app was that it work with wi-fi - a couple that I tried **DID NOT**, which would mean having to have data service on the verification phone, which is an additional expense.

As well, most people would probably prefer an app that is simple to set up vs. a more complex app such as Tasker that, although it can do more, has a steeper learning curve.

The app I found and tested is called PhoneLeash - it is dead simple to set up (at the cost of some flexibility), works with wi-fi, and steps one through the setup process clearly and simply.

PhoneLeash forwards **ALL** SMS or MMS, if one chooses, that are received on the verification phone to another phone **OR** to an e-mail address - I would prefer to be able to specify only verification SMS from specific shortcodes and have them go to multiple e-mail addresses, but hey, can't have everything for free or without complexity.

One thing that I would suggest for those using GV do is to have PhoneLeash forward either to an e-mail address or a number **OTHER** than one's GV number to eliminate receiving multiple SMS in a "loop", ie; to the cell phone number -> PhoneLeash to GV number -> GV number to the cell phone number, etc. although if one's verification cell number isn't one's GV phone (which it shouldn't be), that won't be a problem.

 

 

[OnMyWay]

18 hours ago, Gentleman.Jack.Darby said:

The app I found and tested is called PhoneLeash - it is dead simple to set up (at the cost of some flexibility), works with wi-fi, and steps one through the setup process clearly and simply.

Is there any reason why you could not run more than one app to forward the text via e-mail?  Perhaps a conflict with phone texting app??

Thanks for the information you have been supplying.  I'm going to give the cheap phone / cheap plan a whirl in a few weeks.  I talked to my sister and she said no problem, but she is moving in a few weeks so she said send the phone after that.

T-mobile for prepaid $3 a month should work fine.  It looks like you have to buy a $50 load card to get started, but no problem.  That will last  a long time and you can set up the auto billing too, so you never have to worry about the phone not working or having the number expire.

T-mobile has some decent cheap phones too.  They have a ZTE for $19.95 that should do the job.  I had an AT&T prepaid ZTE for a while before I left the U.S., and it was fine.  I can get this all started for about $70 ($20 for phone, $50 for load card), all online.  My sister will just need to put the sim in and install the app.

[Gentleman.Jack.Darby]

5 hours ago, OnMyWay said:

Is there any reason why you could not run more than one app to forward the text via e-mail?  Perhaps a conflict with phone texting app??

I would recommend against it for a couple of reasons, based on my few years experience with Android and many more years with IT, dating back to the early '80s:

There is no such thing as a perfect software application because, even if the application itself was perfect, it still has to run within an operating system, and it has to run on computer hardware which has it's own software, such as the BIOS.

One of the big problems with Android apps is that many, if not most, are, to put it charitably, half-baked. For example, one of the SMS forwarding apps that I tested would not work over wi-fi, which is a major shortcoming and something that a clued-in developer probably wouldn't do because, it seems, one of the reason many people use this type of app is because they want to work on a desktop PC located in an area with bad cellular, so they need to leave the phone elsewhere in the building, ideally on wi-fi.

None of the SMS forwarding apps that I tested conflicted either with the native texting app or each other. However, I was just testing over a short period of time.

One should also keep in mind that the flavor of Android running on one's phone usually gets updated from time-to-time depending on the whims of the manufacturer or cellular provider, depending on where one bought one's phone  **AND** app developers seem to update their apps frequently. Any updates, either to Android or the app, could "break" something and, the more apps on the phone, the more likely something is to "break".

The other thing to keep in mind, and probably the bigger thing to be concerned about, is that if something breaks and one is abroad, one must rely on the good graces of one's family or trusted friend to "fix" a problem - things like buying a new phone, reinstalling a "broken" app, or installing a replacement app.

If that happens, the family member or trusted friend must "program" the fresh app with the parameters required to forward the SMS to wherever one wants it - PhoneLeash, for example, is bare-bones and requires only a few pieces of information and that information is entered, piece-by-piece, on a series of screens. All one must do is answer a couple of options and provide an e-mail address or phone number. Very simple and no way to get confused.

Tasker, on the other hand, is a lot more flexible and so is a lot more complex - I would dread having to talk someone through that.

One of my job responsibilities to is to manage an IT department and we have about 175 users - those users are just regular folks for whom a computer is just a tool to get a job done and the simpler the better. I'd bet that ALL of them could set up PhoneLeash - Tasker, no way!

I also have PushBullet installed on my phone and during texting, PhoneLeash "played nice" with PushBullet and I got test SMS sent to one of my GMail addresses by PhoneLeash and to the PushBullet site by PushBullet with no problems and both almost instantly.

I always recommend following KISS - Keep It Simple, Stupid, so in this case I'd say just use two SMS forwarding methods on the phone, choose the simplest to setup, and have each method forward to a different e-mail address or texting app (NextPlus, LINE, etc.) so that one has redundancy on both ends. I **WOULD NOT** try to forward to a PI phone number simply because of the complexity involved in configuration for a non-U.S. phone number and the vagaries of sending SMS internationally.

 

 

 

[Gentleman.Jack.Darby]

6 hours ago, OnMyWay said:

They have a ZTE for $19.95 that should do the job.

 

6 hours ago, OnMyWay said:

My sister will just need to put the sim in and install the app.

The only thing I would suggest when looking at lower end phones is to make sure the memory isn't too low - a lot of those phones have the bare minimum, but that shouldn't be a problem because all that needs to run for this task is a couple of apps.

I've looked at a couple of ZTE phones recently and liked them and thought they were a good value.

The folks at T-Mobile are pretty friendly and, when I've had problems getting into a phone to install a SIM, I've gone to the store and the young ladies there with the longer fingernails have no problem doing it.

[OnMyWay]

On 8/10/2016 at 2:34 PM, OnMyWay said:

With so little information to go on, they must have some amazing psychics working there!  

Actually, what is funny is that most of the call centers for Cap One are in the Philippines!  Fraud may not be but I think one time I talked to a Filipino in fraud.

Do you put a travel alert on when you will use the card?  I have not used mine in the Philippines in well over a years.  Mostly I use if for U.S. online purchases.  When I bought my Singapore airline tickets to NZ last fall, I called them first to let them know, and it went through no problem.

All of these companies are ultra sensitive to fraud now, and only trained people are allowed to talk details with you once you are flagged up.  They know that con artists are very adept at fooling the average agent, the job of the average agent is to get you moved on to fraud.

Cap One has a new e-mail system for verifying purchases.  It is easy and I don't mind it.

I pay for my Philippines Netflix with my U.S. Paypal, which goes onto my Cap One credit card.  Tonight I bought a phone at T-mobile U.S. with the cap one card, and these two transactions were flagged up.  I got an e-mail that said click here if everything is ok, which I did, and everything is fine.  No further contact required.

[AlwaysRt]

3 hours ago, OnMyWay said:

I pay for my Philippines Netflix with my U.S. Paypal, which goes onto my Cap One credit card.  Tonight I bought a phone at T-mobile U.S. with the cap one card, and these two transactions were flagged up.  I got an e-mail that said click here if everything is ok, which I did, and everything is fine.  No further contact required.

I tried ordering with Lazada using US Paypal, rejected by Paypal saying they do not allow delivery to the Philippines. CapitalOne is wishy-washy, approved like you described with email, rejected a few times, then approved with email again. It's more fun...

[Gentleman.Jack.Darby]

I just received an e-mail from the Social Security Administration in which it said that they are **TEMPORARILY** "rolling back this mandate" regarding two-factor authentication, ie; requiring an SMS when one wants to access one's online account.

The e-mail said, in pertinent part:

"However, multifactor authentication inconvenienced or restricted access to some of our account holders. We’re listening to your concerns and are responding by temporarily rolling back this mandate.

As before July 30, you can now access your secure account using only your username and password. We highly recommend the extra security text message option, but it is not required. We’re developing an alternative authentication option, besides text messaging, that we’ll begin implementing within the next six months."

I still recommend using two-factor authentication whenever possible because it does add a simple additional layer of security to one's online accounts.

 

[davewe]

Based on this thread I went into my Bank of America branch and told them about my future plan to live in the Philippines and my concerns about text security notifications. I was told by the Branch Manager that online I could change my primary way of contact; they recommended changing from text to email, which if I understand this all correctly should solve the problem. 

I wonder whether other banks and financial institutions also have the ability to change the default contact or security method?

[robert k]

1 hour ago, Gentleman.Jack.Darby said:

I just received an e-mail from the Social Security Administration in which it said that they are **TEMPORARILY** "rolling back this mandate" regarding two-factor authentication, ie; requiring an SMS when one wants to access one's online account.

The e-mail said, in pertinent part:

"However, multifactor authentication inconvenienced or restricted access to some of our account holders. We’re listening to your concerns and are responding by temporarily rolling back this mandate.

As before July 30, you can now access your secure account using only your username and password. We highly recommend the extra security text message option, but it is not required. We’re developing an alternative authentication option, besides text messaging, that we’ll begin implementing within the next six months."

I still recommend using two-factor authentication whenever possible because it does add a simple additional layer of security to one's online accounts.

 

 

Old saying, "There is nothing more permanent than a temporary measure".

AT&T Telephone tax of 1898 and voluntary income tax of 1913 would be some examples from the US.

Edited August 22, 2016 by robert k

[Gentleman.Jack.Darby]

3 minutes ago, davewe said:

Based on this thread I went into my Bank of America branch and told them about my future plan to live in the Philippines and my concerns about text security notifications. I was told by the Branch Manager that online I could change my primary way of contact; they recommended changing from text to email, which if I understand this all correctly should solve the problem. 

I wonder whether other banks and financial institutions also have the ability to change the default contact or security method?

Not discounting what the branch manager said, but I have never seen an option for getting the BofA SafePass code via e-mail on the SafePass section of the BofA website, so I would think it prudent to double-check that with the SafePass folks.

I use SafePass for two-factor authentication for **ALL** online transactions at BofA, ie; I have my account set up so that I must enter a SafePass code in addition to my logon credentials.

it is my understanding that **most** transactions **most** of the time can be done on the website without a Safepass code, but there are certain things, such as setting up a new bill payee, executing a wire transfer, or having a higher transfer limit that require a SafePass code - and, I would think, there might be the occasional time when the BofA website doesn't "recognize" one's computer or it "sees" that one is using a "foreign" IP address and then wants one to enter a confirmation code.

Offhand, I know that Chase will send a code to an e-mail address.

Fidelity uses Symantec VIP Access app on a smartphone.

Alliant Credit Union uses an additional security question, from a fairly long list, to which one has previously provided answers.

Citi doesn't uses TFA for personal accounts.

The following website seems to be up to date, based on my knowledge for accounts that I have:

https://twofactorauth.org/