How to get verified when you don’t have your phone

Imagine your phone has been stolen or hacked and you need to verify your identity to change bank account passwords. But then you discover that the only way to do this is with a code sent to….you guessed it – the phone you no longer have control of.

Or say you are at work registering to buy tickets for Talyor Swift’s new tour and the clock is ticking. But there is a problem – you don’t have cell signal, and you need a One-Time-Pincode (OTP) sent to you by SMS to verify that you aren’t a ticket-hogging bot.

We can tell you how to avoid getting into this situation (which we will later on), but that won’t help you right now. You want to know how to bypass the verification process or receive an OTP verification some other way.

We are here to help!

How to get a verification code without your phone

There is no single answer to this question as two-step verification can be implemented in all sorts of ways. However, we can provide a checklist that you can use to hopefully find a solution for your specific situation.

1. Check for alternative verification methods

Before anything else, look at your sign-in screen carefully. Most platforms offer more than one verification option. You might see:

• Backup email: A code sent to your recovery email address
• Security questions: Answers you set up when creating the account
• Recovery phone: A secondary phone number you registered
• Voice call: Some services can call a landline instead of sending SMS

Click “Try another way,” “More options,” or “I can’t access my phone” — the wording varies by platform, but most sign-in pages include an alternative path.

2. Use another trusted device

If you’ve previously signed in on a tablet, laptop, or old phone, that device may still be authenticated. Maybe a tablet, your work computer, or even an old phone could be used (you wouldn’t have mobile signal without a SIM card but could connect to the internet).

Using this device you may be able to:

• Approve a sign-in request from a push notification on your tablet
• Access your account directly from a device that’s still logged in
• Use a browser that has saved your credentials

3. Use a pre-generated backup code

Some organizations provide a set of codes that can each be used once in place of a dynamically generated OTP message. Hopefully you saved these somewhere safe when you first set up your account, but if you didn’t you may be able to log into your account on another device and retrieve them. Check the following:

• Your password manager
• A printed sheet in a safe or drawer
• A secure notes app on another device
• Your email (some services email backup codes during setup)

Each backup code typically works only once, so cross it off after use.

4. Use an authenticator app

If you’ve set up an authenticator app like Google Authenticator, Microsoft Authenticator, or Authy, you can generate verification codes on any device where the app is installed — no phone signal required. The codes work offline since they’re generated using a time-based algorithm (TOTP).

A key advantage is that Authy and Microsoft Authenticator offer cloud backup and multi-device sync, meaning you can access your codes from a tablet or computer even if your phone is gone. Google Authenticator added cloud sync in 2023, so check if you enabled it.

5. Use a QR code for authentication (when you have your phone but no mobile signal)

Some websites and apps support verification by scanning a QR code. If you have another device with a screen, like a computer or iPad, you can use it to display a QR code from a website or app, then use your phone camera to scan the code. Platforms that support this option include:

• WhatsApp Web and Desktop
• Telegram Desktop
• Discord
• Various banking apps

6. Can you authenticate yourself biometrically?

Face ID, fingerprint scanning, and other biometric methods can bypass phone-based verification entirely. If you’ve set up biometrics on a laptop, tablet, or even a smartwatch, you can use them in place of verification codes.

Modern devices increasingly support platform-level biometrics:

• Windows Hello on laptops and desktops
• Touch ID on MacBooks and iPads
• Face ID on iPads
• Fingerprint readers on Android tablets

7. Does the organization have a call center?

When self-service options fail, contact the platform’s support team directly. Be prepared to verify your identity through other means:

• Government-issued ID
• Account creation date
• Recent transaction history
• Previous passwords
• Linked payment methods

Many major platforms have dedicated account recovery teams. Google, Microsoft, and Apple all have step-by-step recovery processes (see the platform-specific section below).

8. Get verified by other users (social recovery)

Some platforms allow trusted contacts to help you regain access:

• Facebook lets you designate “Trusted Contacts” who can send recovery codes
• Apple has an Account Recovery Contact feature
• Some crypto wallets use social recovery (multiple guardians must approve)

This is becoming more common as platforms recognize that phone-based verification isn’t always reliable.

9. Use a virtual or temporary phone number

Virtual phone number services can receive SMS verification codes through apps or web interfaces. Options include Google Voice, TextNow, and various paid services. However, important caveats:

• Many platforms block VoIP numbers for verification, especially banks and financial services
• Free services are unreliable — numbers get recycled, and other users may receive your codes
• Security risk — if someone else gains access to your virtual number, they can intercept your codes

Use virtual numbers only as a last resort, and never for sensitive accounts like banking or email.

10. Use passkeys (passwordless authentication)

Passkeys are the newest and most significant development in verification. Instead of sending a code to your phone, passkeys use cryptographic keys stored on your devices, unlocked by your fingerprint, face, or screen lock. No phone number, no SMS, no codes to intercept.

This may not be an option for you right now, but it is taking off in a big way and is most likely the way that we will all be authenticating ourselves in the near future.

• Over 1 billion people have activated at least one passkey
• 15 billion online accounts now support passkey authentication
• Google reports 800 million accounts use passkeys, with 2.5 billion passkey sign-ins over the past two years
• Microsoft says 98% of passkey logins succeed, compared to just 32% for traditional passwords
• Amazon created 175 million passkeys after making them available to all users

If you’re setting up accounts today, we strongly recommend that you choose the passkey option if it is available. 

Platform-specific verification recovery

Microsoft account

1. Go to account.live.com/password/reset
2. Enter your email or phone number
3. Select alternative verification:
   • Backup email
   • Authenticator app approval
   • Passkey (Microsoft made passkeys the default for new accounts in May 2025)
4. If no options work, submit an account recovery form with identifying details

1. Go to the Google Account Recovery page (accounts.google.com/signin/recovery)
2. Enter your email address
3. Click “Try another way” if phone verification appears
4. Google will offer alternatives based on your account setup:
   • Backup email verification
   • Security questions
   • Previous password you remember
   • Verification on a device where you’re already signed in
   • Passkey on another device

If all else fails, Google’s automated recovery process asks identity-verifying questions (account creation date, frequently emailed contacts).

Tip: If you use Gmail on your computer or tablet, you may be able to approve a prompt directly without needing your phone.

1. Go to iforgot.apple.com
2. Enter your Apple ID email
3. Recovery options include:
   • Verification on another Apple device (Mac, iPad, Apple Watch)
   • Account Recovery Contact (if you set one up)
   • Recovery Key (if you enabled it)
   • Apple Support escalation for identity verification
4. With iOS 26 (2025), Apple introduced passkey portability so you can now move passkeys between Apple and third-party password managers

Important: Apple’s recovery process can take several days if you don’t have access to a trusted device. Set up an Account Recovery Contact proactively.

Bank verification is typically stricter due to financial regulations:

1. Call the number on the back of your card as this is always the fastest path
2. Visit a physical branch with government ID
3. Some banks offer email-based verification as a backup
4. Capital One and others may verify through security questions and transaction history

Important: Banks rarely accept virtual phone numbers or VoIP for verification. Always register your actual phone number with your bank.

• Telegram: Go to telegram.org and click “Log in by phone number.” If you can’t receive the SMS, Telegram can send a code via a Telegram session on another device. You can also set up a cloud password (2FA) as a backup.
• WhatsApp: Requires SMS or voice call verification to your number. If you’ve changed numbers, use the “Change Number” feature in WhatsApp settings before losing access to your old number. WhatsApp does not offer email-based recovery.

There can be all sorts of reasons for not receiving codes. It could be a temporary network glitch that will rectify itself in a few minutes, or a setting on your phone that needs to be changed. Here are some options that you can check.

Check the basics

• Did you enter your phone number correctly? You could have made a simple typo or the service may require the number to be entered in a particular format e.g. no spaces
• Make sure your phone has signal — restart it or toggle airplane mode on and off
• Check that you haven’t blocked messages from unknown senders

SMS-specific issues

• Wait 1-2 minutes – codes can be delayed during high traffic
• Check your spam/junk message folder
• Some carriers block short-code messages by default – contact your carrier to whitelist them
• If you recently ported your number, SMS delivery can take 24-48 hours to normalize

Email codes

• Check your spam/junk email folder
• Search for the sender domain (e.g., “google.com” or “microsoft.com”)
• Make sure your mailbox isn’t full

Still stuck? If codes consistently fail to arrive, your carrier may be filtering them. Contact your mobile provider and ask them to check for short-code blocking or message filtering on your number

There are lots of ways that you can avoid getting into the situation where you are unable to complete a verification process because you can’t access your phone or don’t have signal.

Don’t wait until you’re locked out. Take 10 minutes to set up backup verification methods today:

1. Set up passkeys where available

This is the single most effective step you can take in 2026. Passkeys work across devices, don’t depend on your phone number, and are more secure than SMS codes. Enable them on Google, Apple, Microsoft, Amazon, and any other platform that supports them.

2. Register multiple backup methods

Add a secondary email, backup phone number, and security questions to every important account. The more recovery options you have, the less likely you are to get locked out.

3. Save backup codes securely

When you enable 2FA, most platforms give you a set of one-time backup codes. Print them out and store them somewhere safe (not on your phone). A password manager is also a good option.

4. Use an authenticator app with cloud sync

Authenticator apps like Authy or Microsoft Authenticator offer cloud backup, so you can access your codes from multiple devices. This protects you if your phone is lost or replaced.

5. Set up trusted devices and contacts

Mark your laptop, tablet, and other devices as trusted. On Apple, set up an Account Recovery Contact. On Facebook, designate Trusted Contacts. These create alternative paths to verify your identity.

6. Use a hardware security key

For maximum security, a physical security key (like YubiKey) works with most major platforms and doesn’t depend on your phone at all. It’s especially valuable for high-security accounts like email and banking.

7. Keep your recovery information updated

Every time you change your phone number, email address, or device, update your recovery settings. This takes seconds and can save hours of frustration later.

Why phone verification exists (and why it sometimes fails)

Two-factor authentication (2FA) exists for good reason. Research shows that MFA reduces the risk of account breaches by more than 99.9% and can block 100% of automated bots, 96% of phishing attacks, and 76% of targeted attacks. With cyberattacks costing businesses an estimated $14.7 billion in 2024, the $15-per-user annual cost of implementing 2FA is a no-brainer for most organizations.

But SMS-based verification has a fundamental weakness: it assumes you always have access to your phone. Common scenarios where this breaks down:

• Lost or stolen phone: You can’t receive SMS or calls at all
• Broken screen or water damage: Phone works but you can’t interact with it
• No cell signal: Common in rural areas, underground locations, or during international travel
• Changed phone number: Your old number is still linked to your accounts
• SIM issues: SIM card failure, porting delays, or carrier problems
• Battery dead: No way to receive codes when you need them most

For businesses, every verification failure is a lost customer interaction. When users can’t complete phone verification, they abandon sign-ups, miss transactions, and flood support channels.

The solution is omnichannel verification — offering multiple authentication paths so customers always have a way to verify:

• SMS OTP: The most widely used channel, reaching virtually all phones
• WhatsApp OTP: Higher delivery rates in markets where WhatsApp is dominant (Latin America, South Asia, Europe)
• RCS OTP: Rich messaging with branded sender verification, reducing phishing risk
• Email OTP: Fallback for users without phone access
• Push notifications: For users with your app installed
• Silent network authentication: Verifies the user’s SIM in the background with zero user interaction, eliminating friction entirely

The key is fallback chains: if SMS fails, automatically try WhatsApp, then email, then voice. This ensures delivery without requiring the user to do anything. With SMS-based 2FA still used by 41% of users but declining due to SIM-swapping threats, businesses need to offer alternatives before customers get locked out.

Explore Infobip’s authentication solutions to build reliable, omnichannel verification that keeps customers verified and converting.