Dealing with security codes

On a few of our websites, we are now using security codes that are sent to your cell phone. Does anyone have recommendations on how to handle?

I had automated the submission of the username and password screen. I then added a waitForElement with a long time limit for a element that is on the homepage of the website before continuing execution. In between the username/password screen I have the user manually type in the security code and hit enter. Execution of this has been flaky. Automation may be looking at the security code page for the element. Would it be better to pause the test and then have the user resume the test in Katalon Recorder when ready?

my suggestion is that after submission of username / password a manually input (from Katalon recorder) opens and asks for the scurity code … there is an example:

Yikes, the test script should not have to pause for a human to intervene. I have solved this problem using the Twilio Programmable Messaging API. Twilio provides a phone number that can receive SMS. I enter this as the user’s phone number when setting up the test case. When the AUT prompts for the verification code, I call a keyword function I wrote that requests the SMS messages from the Twilio API and returns the 2 factor code sent after the time the code was requested, complete the authentication and continue the test.

Alternatively, you could have the developers of the application provide a bypass for the verification code in the environment you run tests.