How to ensure two-factor availability when traveling?

6/13/2023 9:05:34 PM

Not an American, but from my experience there’s no problem receiving SMS abroad.

When traveling abroad with no roaming plan, you can’t make it receive calls, and you can’t send text messages, but incoming text messages simply work, at no charge.

I have also never experienced significant delay.

This of course requires keeping your home SIM card in your phone. That’s no problem if your phone supports dual SIM or eSIM. If not, you may want to take an extra phone for the sole purpose of receiving SMS.

Of course, I can’t guarantee that it would work for you. Having a plan B is anyways good.

6/11/2023 5:39:37 AM

Try services that let you access SMS remotely

(Note: I’m an Indian, and my experience is with Indian and Japanese mobile providers [and to some extent travelling in the US], but I think this should work well enough in any combination of countries in which you can access the internet and Google services work fine.)

In the past, I have had some luck using the web interface of Google Messages (https://messages.google.com/web/) for accessing messages from an Indian SIM that I left behind on which I would get OTPs from Indian banks (none of the five banks I have had experience with support TOTP apps). To do this:

  1. You need to authenticate the browser you’re using with the phone in advance.

    • However, this is done using a QR code, so if you have someone you trust that can unlock the phone for you, then you can authenticate while you’re already travelling, and the trusted person only needs to be available for the authentication, not whenever you need OTPs.
    • This can be a browser on another mobile device. I have used Firefox for Android without problems.
  2. The phone must be powered on and have internet connectivity.

    • I used a spare, old phone, keeping it plugged into a charger and at home.
    • I think that if the phone reboots, it might need to be unlocked, but I’m not sure about that.
  3. The browser needs to be re-authenticated periodically (every two weeks, IIRC).

    • If you’re travelling for more than that, you could set up an agreed-upon time with a trusted person to unlock the device and forward the QR code to the device.

Provided you set it up in advance, this can work without the involvement of anybody else for up to two weeks. Any longer or if you are already travelling, you’ll need somebody’s help.


With iPhones, I think messages can be synced with a MacBook or similar Apple devices over iCloud. That might be an option if you’re in the Apple ecosystem.

6/10/2023 5:48:36 PM

Not going to rehash what has already been said, but just a few specific points:

  • If you will be connecting from abroad, your IP address of the moment will reflect the fact that you’re abroad. So that means the risk of triggering "security checks" goes up. As an example, years ago I logged in to PayPal from Portugal, just to check my balance, and they blocked my account. Of course this is PayPal but this is a taste of situations that can arise when your browsing patterns change all of a sudden.
  • I too strongly recommend ditching SMS and using TOTP whenever possible. My password manager (KeePassXC) does that, so no need to depend on Google or some third party authenticator. And it does form autocomplete too (convenience).
  • SMS delivery is unreliable in general and not guaranteed when it involves roaming abroad
  • Verify that your phone model is fit for use in the target country: frequency bands vary from one country/continent to another
  • Regardless of what people are saying on the Internet, verify your current contract with T-Mobile/Walmart – it may require adjustments to enable roaming abroad.
  • I understand that having to reconfigure every service may be tedious. But assume the worst and start with the services that are the most critical to you, for example E-mail. Perhaps you usually connect through a web interface where 2FA can kick in but what about POP/IMAP access?

To address the suggestions from @BoppreH:

  • Using a virtual number (VOIP) for SMS verification is a good idea but that too requires reconfiguring your services. And paying for an extra number you will only need sporadically. The problem (and irony) is that the supplier (Google or other) may itself trigger 2FA before granting access. So make sure it won’t be SMS, or you can choose among different options. A lot of people depend on Google for many things like E-mail. Being locked out of Google amounts to disaster so I recommend to minimize dependence on Google as much as you can. Having a single point of failure is risky.
  • Using a VPN before you leave is also a strategy so that your providers "get used" to your newly-reported location. 2FA may kick in on first use, but you’ll be able to handle that while you’re still in the US. Downside: you’ll pay for this, and this is not a silver bullet. Actually, IP address blocks that are known to belong to VPN providers can be deemed more risky, because there is a percentage of users who are up to no good, trying to conceal their true location to carry out objectionable activity.

Note: many services look at the device fingerprint – if they notice a change, you may have to prove it’s you. So if you try to access your services from a "new" device – and what’s more, from abroad – expect additional verifications.

6/9/2023 9:29:58 PM

My answer sounds like a product pitch but it’s not intended as such other than "it actually works". I have no affiliation with or financial interest in T-Mobile.

We use a T-Mobile plan in the US which comes with free data and texting in 100+ countries and is competitively priced. No need for the ridiculous fees that Verizon, AT&T etc charge for international service (which is typically something crazy like $10/day).

We’ve used it in over 30 countries so far and never had an issue. It’s on the slow side, but coverage is good and it’s certainly fast enough for authorization, Google Maps, and WhatsApp.

The phone works immediately when you enter a new country. You don’t have to do anything and there is no need for a SIM card or a local phone number.

6/9/2023 3:38:12 PM

Newer phones have "Wifi calling". Like the name implies, it lets your phone operate normally using Wi-Fi instead of a cellular connection. My phone, a Samsung A13 5G, has it. It also has dual SIM slots, so I can use both my US and local SIM.

I never had any issues with 2FA when I was in Asia for almost 2 months. But having 2 SIMs did confuse some of the apps I installed (they checked for local phone numbers). So, I needed to disable one of the SIMs. And many times, I forgot to re-enable it. Lol.

6/9/2023 3:25:55 PM

You have a few options, ordered from most desirable to least:

  1. Switch from SMS to Time-based One Time Passwords (TOTP) apps, as mentioned in the other answer. The codes are generated offline in your device, so you don’t even need internet connectivity. Important: when setting up TOTP for the first time with a service, you’ll be presented with a backup code. Save it somewhere safe, you’ll need it if you lose access to your device. Alternatively, you can save the QR code presented during setup.
  2. Really, try TOTP first.
  3. Switch from SMS to hardware keys like YubiKey, if the service supports it. Costs money and is not widely supported, but it’s more secure and also available regardless of connectivity.
  4. Set your phone number to the one from your new international SIM card. Important: not all services accept international numbers.
  5. The next options are last-resort, avoid them if possible.
  6. Set your phone number to a voice-over-internet-protocol (VoIP) number, like Google Voice. You can then forward messages to your international SIM card, or read them from the app (depending on provider). Important: some services won’t send 2FA SMS messages to VoIP numbers.
  7. Set your phone number to a trusted friend’s in the US, then call/message them as needed.
  8. Leave your US SIM card with a trusted friend in the US, then call/message them as needed.

Relying on a friend’s availability is tricky, especially over large time zone differences. And be mindful of phishing attacks; make it explicit that you’ll call/message them each time you need a code, that they should only forward the messages to you, and to otherwise ignore any messages about that service.

And do a test run first, preferably still at home. If you can test with a VPN from the target country, even better. Security measures change depending on risk factors, and the service might be more stringent if it’s your first connection from that country.
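The answer above says TOTP codes are generated offline and that the saved QR code or backup secret is what restores access on another device. The following is an added example, not part of the original answer: it parses a constructed `otpauth://` setup URI (built from the published RFC 6238 test secret) and derives codes from it; `SAMPLE_URI`, `code_from_backup` and `accepts` are illustrative names, and the one-period drift window is an assumption about the verifier.

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the payload of a setup QR code, using the published
# RFC 6238 test secret (ASCII "12345678901234567890") so results can be checked.
SAMPLE_URI = ("otpauth://totp/Example:traveler@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")

def parse_otpauth(uri):
    """Extract TOTP parameters from the otpauth:// URI a setup QR code encodes."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    secret = q["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # secrets are usually shown without base32 padding
    return {
        "label": unquote(u.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
        "algorithm": q.get("algorithm", "SHA1").lower(),
    }

def totp(key, unix_time, digits=6, period=30, algorithm="sha1"):
    """RFC 6238: HMAC over the number of elapsed periods, then RFC 4226 truncation."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, algorithm).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_backup(uri, unix_time):
    """What any replacement device computes once the saved QR payload is re-imported."""
    p = parse_otpauth(uri)
    return totp(p["key"], unix_time, p["digits"], p["period"], p["algorithm"])

def accepts(uri, candidate, unix_time, window=1):
    """Verifier-side check that tolerates +/- `window` periods of clock drift (assumed policy)."""
    p = parse_otpauth(uri)
    return any(
        hmac.compare_digest(code_from_backup(uri, unix_time + i * p["period"]), candidate)
        for i in range(-window, window + 1))

if __name__ == "__main__":
    import time
    print(code_from_backup(SAMPLE_URI, time.time()))
```

The only inputs are the shared secret and Unix time, which is the same in every time zone, so changing countries does not change the codes; a device clock that is wrong by more than the verifier's drift window does.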

6/10/2023 7:00:11 AM

You are right to be worried: text message (SMS) delivery is best effort only. When traveling internationally, they are all too frequently delivered late or never, and there is really no way around this because the protocol itself does not guarantee delivery.

The best option is to switch your second factor to an alternative method that does not rely on the phone network. Time-based One Time Passwords (TOTP) from free apps like Authy or Google Authenticator are common and supported by lots of popular apps like Gmail, Instagram/Facebook, PayPal, etc. Most banks also support alternatives to SMS, often through their own apps or sometimes via physical tokens, although these are a hassle and increasingly going away.

Credit:stackoverflow.com
