I am not receiving some short codes from 2 banks ( 2FA works, but other applications they use)

For some reason Fizz does not always work for 2FA, something they need to improve ASAP imo as an authenticator app is not always supported

Some text messages sent by businesses such as 2-step verification messages may not be sent to your phone properly.

Which sadly is no better than what third-party VoIP providers can offer. Makes you wonder why pay extra for a "proper" voice/text line if there is no extra reliability.

Found this, but not on the Fizz site.

“ Service Provider Policies: Some companies, especially financial institutions, may use older 2FA systems that can't handle virtual phone numbers or certain carriers, mistakenly identifying them as potential fraud risks.”

I don’t think this type of problem can be blamed on Fizz.

2FA using email or sms is an aging security implementation that is not as secure as one is led to believe. It is far too easy to hijack an email address or phone number through social engineering. This is a very frequent theft in my city with a particular internet service provider. They call the service provider, get control of the email, and go from there with e-transfers.

Passkeys are the best solution for now, but as always, financial institutions are slow to change their security systems.

An internet search will tell you which financial institutions use passkeys in Canada. Sadly not many, yet.

Cheers,
Brad

@BradDoell said:
Found this, but not on the Fizz site.

“ Service Provider Policies: Some companies, especially financial institutions, may use older 2FA systems that can't handle virtual phone numbers or certain carriers, mistakenly identifying them as potential fraud risks.”

I don’t think this type of problem can be blamed on Fizz.

If Fizz' phone numbers are mistaken for "virtual" phone numbers, then Fizz is very well responsible for it. After all, who makes the decision where to source phone numbers from?
Also, this whole practice to classify phone numbers by carriers as potential fraud risks, and then refuse to send 2FA notifications to them, is despicable. Designed only to keep smaller, cheaper service providers off the market and force customers onto a well-established (and thus "trusted") oligopoly.

2FA using email or sms is an aging security implementation that is not as secure as one is led to believe. It is far too easy to hijack an email address or phone number through social engineering.

While I mostly agree with you, it is irrelevant. As long as there are so many players in the market who make 2FA mandatory but then only offer it through text messaging, what is a poor consumer to do? Where there are no alternatives, there are no alternatives.
And when your cell phone carrier then decides to source phone numbers from sources that are subject to such "potential fraud risk" blackouts, then the system is just not working anymore.