24 bucks US. Amazon. YubiKey NFC
Yubico FIDO Security Key NFC - Two Factor Authentication USB and NFC Security Key, Fits USB-A Ports and Works with Supported NFC Mobile Devices – FIDO U2F and FIDO2 Certified - More Than a Password https://www.amazon.com/dp/B07M8YBWQZ/ref=cm_sw_r_cp_api_glt_fabc_PBR4B8A919THJ7SZT2D5
Red Pocket wouldn't be a solution for you, since it does not offer international roaming (you wouldn't be able to use the number in Mexico).
The only solution would be to sign up with a mobile carrier that does offer international roaming. I don't want to list competitors here, but you should be able to easily find one that meets your needs, after some Googling.
If Bank of America is your only problematic business, you can authenticate with them using a hardware security key (FIDO U2F) instead of using SMS. Go to the security section on BofA's website to set it up.
You can buy a key on Amazon: https://smile.amazon.com/Yubico-Security-USB-Factor-Authentication/dp/B07M8YBWQZ
These keys are the gold standard in authentication.
And, before someone suggests it, NO, Google Voice won't work for this.
The Feitian ePass K40 is approximately equivalent in features to the Yubico Security Key, not a YubiKey 5 series key.
You can look up the difference between Yubico Security Key and YubiKey 5 series yourself.
Feitian has next to no documentation on what FIDO2 features/specs are supported on their keys, such as credential management (e.g., delete FIDO2 resident credential), hmac-secret extension and the max number of resident credentials allowed unlike Yubico.
Yubico beats every other manufacturer of FIDO keys when it comes to documentation, trust (due to their past incident responses) and build quality/customer support.
I'm assuming the company is legit and meets a high bar.
Feitian is a legit Chinese company (been around for longer than Yubico) - their US ops are handled from their US based company, which is the Amazon seller on the listing you linked to.
And their products are pretty good too, but that doesn't mean they are cheaper than Yubico or worth the price. Their FIDO2/NFC consumer product pricing is really on par with Yubico (and IMHO, not that competitive given the support/build quality).
Most people prefer products that originate exclusively in US and allied countries, especially Federal contractors and the likes. Yubico is far more accountable to these Western government entities (and citizens) than Feitian, especially when it comes to FIPS compliance, software/UX, firmware and recalls.
So, for a US/Sweden manufactured key, Yubico's pricing is pretty good.
BTW, there's many more companies with $20-$30 FIDO2 keys. GoTrust (Taiwan/US) has the Idem Key, TrustKey (US) has TrustKey T120 and Hypersecu (Canada) has HyperFIDO Pro Mini which is a Feitian rebrand. No idea on the durability of these or the country of manufacture otherwise.
Google's own Titan BT/USBA keys etc are made by Feitian
Yubico wrote a blog post about Google (Yubico's long time partner) deciding to go with Feitian:
https://www.yubico.com/blog/the-key-to-trust/
A year later, it was proven that Yubico was right to not release BLE keys:
I wouldn't say that Feitian cannot be trusted, since Yubico has replaced keys for worse mishaps. But I have far more trust in Yubico than Feitian. I don't think Feitian would have replaced those keys if they were not working with Google.
Great post. Has it been moved somewhere else? If you don't need TOTP then you can get FIDO 2 U2F NFC key or $24.50