If you’re planning an extended stay overseas—anything from a month to a year or more—two-factor authentication (2FA) can quickly turn from a minor security annoyance into a major travel headache.
Banks, email providers, government portals, work accounts, and even airline loyalty programs all rely on 2FA to protect your data. The problem? Most people still use SMS-based codes tied to a home-country phone number, and that setup falls apart fast once you’re dealing with international SIM cards, eSIMs, spotty roaming, time-zone shifts, or a lost phone.
Here’s the good news: with smart preparation, you can make 2FA almost invisible during your trip. This guide walks you through exactly what to do before you leave and how to handle issues on the road.
Why Long Stays Create Unique 2FA Problems
Phone number changes: Switch to a local SIM or eSIM for cheaper data and calls? Your old number stops receiving texts. Many banks and services lock you out if the registered number is unreachable for weeks.
Roaming costs and reliability: International roaming can be expensive or flaky after 30 days. Some carriers throttle or block SMS after prolonged use, though Google FI seems to work for at least 3 months overseas.
Device loss or theft: A stolen phone in a foreign country means you lose both your primary authenticator and your recovery method.
Time zones and network issues: Time-based one-time passwords (TOTPs) are usually fine globally, but poor internet can delay app-based codes or email recovery.
Account flags: Banks often flag logins from new countries. Without advance notice, you could face extra verification steps when you need them least.
The solution is simple: stop relying on SMS entirely and build a resilient, device-independent 2FA system before you board the plane.
Pre-Departure Checklist (Do This 2–4 Weeks Before You Leave)
Identify every important account, site or app you’ll need: primary email, bank/credit cards, investment accounts, government sites (IRS, passport renewal portals, etc.), work VPN/Office 365, cloud storage, and travel loyalty programs.
Switch every account from SMS to an authenticator app or to use email-based authentication.
Authenticator apps (all free and cross-platform) can include:
Authy – Best overall for travelers. Cloud backup, multi-device sync, and works offline.
Microsoft Authenticator – Excellent backup options and easy to export.
Google Authenticator – Now supports cloud sync (turn it on in settings) and can be transferred to a new phone.
Aegis (Android only) or Raivo OTP (iOS) if you prefer open-source, fully offline options.
How to switch: Log in → Security settings → “Change 2FA method” → Disable SMS → Scan the QR code with your chosen app.
Test the new code immediately.
Generate and securely store backup codes. Many services give you a one-time list of 8–10 backup codes when you set up 2FA. These are single-use emergency codes that let you log into an account when your normal two-factor authentication (2FA) method isn't available.
Copy them into a password manager (Bitwarden, 1Password, or Proton Pass – all have free tiers).
Never store them in plain text, email, or notes apps.
Print one copy and seal it in a waterproof envelope in your checked luggage (or give a sealed copy to a trusted family member back home).
If you already set up 2FA on an account but didn’t save the backup codes, go to the security settings now and look for “Backup codes,” “Recovery codes,” or “Emergency codes” — most services let you generate them anytime.
Set up recovery options that don’t depend on your phone
Add a secondary email address (preferably a different provider, like ProtonMail or a family member’s Gmail).
If the service allows a backup phone number, use a virtual number from a service like Google Voice or a second eSIM that you keep active on a cheap plan back home.
For critical accounts (banks, email), enable “account recovery questions” or security keys if available.
Add a hardware security key as a backup layer. A hardware security key (also called a security key, FIDO key, or U2F key) is a small physical device—usually the size of a USB flash drive or keychain fob—that provides the strongest form of two-factor authentication (2FA) and account protection available today. Instead of receiving a code via text message or opening an app on your phone, you physically insert the key into your PC.
Consider a YubiKey 5 NFC or Security Key C NFC (around $25–$55).Register it on every major account that supports FIDO2/WebAuthn (Google, Microsoft, Apple, most banks now do).
Carry one on your keychain and leave an identical backup key with a trusted person at home.
This is the gold standard for long-term travel because it works without internet or a phone.
Use a password manager with built-in 2FA storage. Modern password managers can store your TOTP codes alongside passwords. Check your password manager to see if it supports this, and enable this feature so you only need one app open to log in.
Test everything before you travel.
Log in from a VPN server in your destination country.
Try accessing accounts on both your phone and a laptop.
Simulate a lost phone: turn off your main phone and see if you can still log in with backup codes or the hardware key.
On-the-Road Best Practices
Internet access is your lifeline. Use a reliable eSIM provider (Airalo, Nomad, or Holafly) for data, or Google FI if you are only overasers for 2 – 3 months. Keep a secondary offline authenticator app installed.
Time zones don’t matter for most TOTP apps. They generate codes based on UTC time, so a 12-hour difference won’t break them.
If you get a local SIM… Do it after you’ve fully migrated away from SMS 2FA. Keep your old number active on a cheap international plan or Google Voice for the first 30–60 days as a safety net.
Lost or stolen phone protocol
Immediately use backup codes or hardware key to log into your password manager.
Disable 2FA on affected accounts from another device and re-enroll a new phone.
Use remote wipe features (Find My iPhone, Google Find My Device).
Bank and service alerts - Email or call your bank’s international desk before departure. Tell them your exact travel dates and new countries. Many will temporarily raise your fraud tolerance or note your IP range.
Public Wi-Fi safety - Always use a reputable VPN (Mullvad, ProtonVPN, or ExpressVPN) when logging into accounts from cafés or hotels.
Advanced Options Worth Considering in 2026
Passkeys (passwordless login) - Supported by Apple, Google, Microsoft, and most major banks. They’re tied to your device’s biometrics and are phishing-resistant. Enable them wherever offered—they eliminate 2FA codes entirely for those accounts.
Multi-device authenticator sync - Authy and Microsoft Authenticator let you approve logins from a tablet or second phone. Set this up before you leave.
Enterprise accounts - If you have work email or VPN access, talk to your IT department now. Many companies can issue you a corporate authenticator or temporary access codes.
Final Takeaway
Spending a month or longer overseas doesn’t mean you have to choose between security and convenience. The key is to treat 2FA like any other travel essential: prepare it in advance, test it, and have multiple redundant ways to access it.
Do the checklist above and you’ll spend your trip exploring instead of frantically trying to receive a text message that never arrives. Your future self—sitting in a café in Lisbon, Chiang Mai, or Cape Town with seamless access to every important account—will thank you.
Check our our site 89DaysAway.com for more about slow travel and expat life. Safe travels, and stay secure!
