You land in Tokyo, open your banking app to check your balance, and it asks for a verification code sent to your phone number. Your travel eSIM is data-only. The SMS never arrives. Your account is locked.
This scenario is one of the most common surprises for travelers who switch to eSIM without thinking through two-factor authentication (2FA) first. It's not a problem with eSIM itself — it's a mismatch between what your travel setup provides and what certain security systems expect. Once you understand the distinction, avoiding the headache is straightforward.
The Core Issue: Data vs. Phone Number
Most travel eSIM plans are data-only. That means you get mobile internet, but no phone number tied to the eSIM. If you want to understand why that is, this article covers the technical and commercial reasons in full. The short version: eSIM providers source data from wholesale carrier agreements that don't include voice and SMS infrastructure.
Two-factor authentication comes in several forms, and they behave very differently in this context:
- SMS codes (OTP) — Sent as a text message to your registered phone number. Requires a SIM with an active number.
- Authenticator apps — Generate time-based codes locally on your device (Google Authenticator, Authy, Microsoft Authenticator). No number needed, no internet needed.
- Email-based codes — Sent to your email address. Works fine with data-only eSIM as long as you have internet.
- Push notifications — App sends an approval request to your device. Works with any internet connection.
- Hardware keys — Physical devices like YubiKey. No connectivity needed at all.
The only type that breaks with a data-only travel eSIM is SMS-based 2FA — and only if your home SIM is removed or inactive.
Your Home SIM Is the Key Variable
Most travelers use eSIM as a second profile alongside their existing physical SIM. If your phone supports dual SIM (one physical, one eSIM), you can keep your home SIM in the phone while the travel eSIM handles your data. In that case, SMS codes still arrive on your home number without interruption.
This is actually how the majority of travelers use eSIM, and it's the cleanest solution. Your travel eSIM gives you cheap local data; your home SIM receives calls and texts when needed. You never lose access to SMS 2FA because you never lost your phone number.
Read more about running eSIM and a physical SIM simultaneously — it covers which phones support this and how to configure data routing so you're not accidentally using expensive roaming data from your home carrier.
If your phone supports dual SIM and you keep your home SIM active, SMS-based 2FA continues to work exactly as it does at home. No changes needed.
When Your Home SIM Is Out of the Picture
Things get more complicated if you've removed your physical SIM or your home carrier suspends service when you're abroad (some prepaid plans work this way). In that case, SMS texts simply won't reach you.
Before traveling, it's worth auditing which services rely on SMS 2FA and deciding what to do about each one:
- Banking apps — Most banks send OTPs to your registered number for logins and transfers. Some offer app-based authentication as an alternative. Check your bank's settings before you leave.
- Google/Apple accounts — Both support authenticator apps and push notifications in addition to SMS. Switch to a non-SMS method in your account settings.
- Social media accounts — Instagram, X, Facebook all support authenticator apps. Enable one before you travel.
- Work systems (VPN, email, Slack) — Many corporate tools use push-based 2FA through apps like Duo or Okta, which work fine on data alone.
Authenticator Apps: The Reliable Alternative
If you're not already using an authenticator app, traveling is a good reason to start. Apps like Google Authenticator, Authy, and Microsoft Authenticator generate 6-digit time-based codes that rotate every 30 seconds. They work completely offline — no SMS, no internet required at all.
Setup is a one-time process: you scan a QR code from the service's security settings and the app is linked. From then on, you use the code from the app instead of waiting for an SMS.
Authy is particularly useful for travelers because it supports encrypted cloud backup of your authenticator tokens. If your phone is lost or stolen, you can restore all your 2FA codes to a new device. Google Authenticator requires a different recovery process (exporting to a new phone) that can be inconvenient when you're on the road.
Don't switch your 2FA settings the night before a flight. Make changes at least a week before travel, verify everything works, and keep backup codes printed or stored securely.
Banking Apps Deserve Special Attention
Banking is the area where 2FA complications cause real problems for travelers. The concern isn't just receiving codes — it's that banks often flag logins from foreign IP addresses as suspicious, triggering additional verification steps beyond normal 2FA.
A few things worth doing before you leave:
- Log in to your bank's website and check what 2FA options are available. Many banks now offer authenticator app support or push notifications through their mobile app.
- Enable in-app authentication if your bank offers it. This works on data connection and doesn't depend on your phone number.
- Notify your bank you'll be traveling. This won't always prevent verification triggers, but it helps avoid account freezes.
- Transfer the money you'll need to a travel-friendly card (Wise, Revolut, etc.) before you leave. These apps have better international support and more flexible 2FA options.
This is also covered in our article on using banking apps and OTP codes with a travel eSIM, which goes deeper on specific bank scenarios and what to do when you're already abroad and locked out.
What About WhatsApp and Messaging Apps?
WhatsApp and similar messaging apps verify your account via SMS when you first set them up or when you restore to a new device. If you're already logged in and don't sign out, this isn't an issue — WhatsApp works perfectly on data alone.
The problem arises if you reinstall the app or need to verify your number while abroad without SMS access. WhatsApp offers a call-based verification as a backup (it reads you a code over a voice call), but that also requires a working phone number.
The simple rule: don't uninstall or log out of WhatsApp while traveling unless you've confirmed you can receive SMS or calls on your home number. See more on calls and SMS with a data-only eSIM to understand what voice options you actually have.
Travel eSIM Doesn't Mean Losing Your Number
A persistent misconception is that using a travel eSIM means your phone number changes or disappears. It doesn't — unless you deliberately cancel your home plan.
Your home number stays active on your home SIM. The travel eSIM is an additional data connection, not a replacement identity. Your contacts still reach you on the same number. Your bank still sends codes to the same number. Nothing changes from the outside — you just have better data abroad. This is explained more fully in does eSIM change your phone number.
The only scenario where your number effectively disappears is if you put your phone in airplane mode and use only Wi-Fi and the eSIM, with the physical SIM disabled. Even then, your number still exists — the SIM just isn't connected at that moment. Texts will queue up and arrive when the home SIM reconnects.
A Pre-Travel 2FA Checklist
Ten minutes before your trip can prevent serious access problems abroad. Run through this before you leave:
- Confirm your phone supports dual SIM (eSIM + physical SIM simultaneously).
- If keeping your home SIM active, verify it will receive SMS abroad (most plans do, even if data is expensive — texts usually come through).
- For your most important accounts (banking, work email, Google/Apple ID), check what 2FA method is set and whether there's an app-based alternative.
- Install an authenticator app and move at least your critical accounts to it.
- Save backup/recovery codes for all accounts that offer them. Store them somewhere accessible offline.
- Test everything works before you travel — log out and back in with the new 2FA method.
This isn't specific to eSIM — it's good practice any time you travel internationally. But the shift to data-only connectivity makes it more relevant than ever.
The Bottom Line
For most travelers, 2FA while using a travel eSIM isn't a problem at all. If you keep your home SIM in the phone alongside the eSIM, SMS codes keep arriving normally. If you use authenticator apps (which you probably should anyway), you never depended on SMS in the first place.
The travelers who run into trouble are those who remove their home SIM entirely and haven't thought about which accounts send verification codes to that number. A bit of preparation before the trip covers it. Once you've checked your key accounts and switched the critical ones to app-based 2FA, you can travel with a data-only eSIM and never worry about a locked account at the airport.