Hacker News

Not only is it not secure, it's not a constant for everyone.

I moved countries and I am now locked out of my bank account abroad since they verify logins via OTP over SMS.




I've signed up with voip.ms, which provides me a pay-as-you-go SMS number for basically $0/mo, since I only use it for auth.


Many services go out of their way to detect and block the use of VoIP numbers for SMS auth :s


I consistently use voip.ms for auth codes from my bank (TD), WhatsApp, Signal, and more that I'm likely forgetting. Highly recommend them.


What's the reasoning behind that? Maybe to prevent bots?


I'd start with VOIP numbers being so easy to spoof... and move onto the entire telephone network being insanely insecure and unverified, despite decades of efforts to link people to telnos -- until they implement actual caller-recipient full verification, they've effectively got nothing.


> until they implement actual caller-recipient full verification

Is it even possible to do this at this point? I'd expect something like this to fundamentally change the way telephone networks work.


Not sure how fundamental it is, e.g., is it fundamental to bar ad-hoc caller-ID functions and require displaying the actual number & name of the account (maybe allowing additional info also)? Telcos already pass on this info - how big a deal is it to transmit accurate data?

But even if it is fundamental, such fundamental change is needed.


Part of the problem, I believe, is a great many people (even the telcos) view voice calls as a dead technology on its last legs. Almost no one wants to invest in it, and even fewer technical people want to build a career on figuring these issues out.

If regulators and the industry saw a future in figuring this out (as compared to dealing with another hassle from an unsexy legacy technology mostly used by old folks), it would have been solved a long time ago.


Maybe look into whether you can get a Skype number set up to receive the SMSs. Some countries/banks will work with this arrangement.

But I feel your pain. It is a very frustrating situation to be in.


For some countries (USA) you can forward your number to a Google Voice number and retain incoming SMS. Call forwarding isn't possible to my knowledge.


Porting my number to Google Voice before moving abroad was one of the smartest things I’ve ever done (in hindsight), for this reason.

I sometimes wonder why Google has kept it running for so long, when they’re so keen to kill off boring, under-performing products.


Why cancel your old phone number in that country when you still have a bank account there?

I suggest a bank which doesn't suck, such as bunq.


It can be costly.

I moved from Ireland to the US and kept my Irish number active - the cost was a €5 topup every 6 months.

Going in reverse is much harder - a lot of the budget phone providers in the US don't have any roaming offering. Best I can tell, you really need to have an account with a real provider, and that realistically looks like $20/mo (Google Fi), 20x more expensive than the reverse.


Then it sounds like changing bank is a better answer for many.


This oversimplifies the situation - if every US bank uses SMS and you want to retain a US bank, what do you do?


That's such a huge "if" that an alternative immediately came to mind:

TransferWise doesn't require a US phone number, but you can have a US account number with them.


Maybe they didn't know they needed a phone number to maintain access to the account?

Let's not blame the victim here.


The bank is at least equally at fault, if not more so.


I would never think my phone # was the only proof of identity.


If that's what your bank had been using during the login flow...


If you immigrate, like I did, but still have some pension funds or savings accounts in your home country, why would I want a local phone line?


So your bank can send you the SMS you need to sign in (which in itself indicates their security is poor).


Most banks don't support international numbers, if that's what you meant.


No, that's not what I meant.


What did you mean then?


Banks which rely on SMS 2FA should not be trusted with your money.



