Flow for alternate (to SMS) security verification
For our 2FA (2nd Factor Authentication) process, we default to having an SMS sent to the user's phone. This is causing issues for users who can't receive SMS messages; eg, they're overseas. The safety-net we have to allow an alternate method of verification is a 'verify another way' button on the SMS code entry screen, where the user will be directed to answer security questions they have set up. However, we are receiving feedback from users, and the business, that there are problems actioning the alternate method, with suggestions being everything from 'make the button bigger' to an interstitial screen to select between SMS or Security Questions. Any thoughts? I was hoping a technical solution could change the default, from SMS to security questions, if we could find out the user's phone was not able to receive SMS messages - but that's not possible atm.