What happens if I use two-factor authentication and lose my phone?

Kamile Viezelyte

Cybersecurity Content Writer

Many websites and apps give you the option of setting up two-factor authentication (2FA) as an extra layer of security when logging in. Using your phone as your 2FA verification seems so easy — you receive a text, phone call, or a push notification to verify it's you, and that’s it. But what if you've lost your phone and can't access any of your accounts anymore? Don't panic just yet — you can still use 2FA without a phone. Let’s see what you can do if you’ve lost your 2FA device and what alternative methods you can try.

Backup codes: The easy way to recover your account

When you set up 2FA on most sites, including Google, they provide you with a set of unique recovery codes. These codes are combinations of random numbers, but sometimes they include letters. Each backup code can be used once to log in to your account.

  • Tip: Save your backup codes in a secure location offline.

Don’t save your recovery codes in the cloud, like your emails or notes. Your email or cloud storage accounts and devices can be hacked, lost, or stolen, and you would risk losing access to the codes. Instead, use a flash drive, external disk drive, or an encrypted password manager to store your backup codes securely. If you want to get more creative, you could store them on an old, factory-reset phone, a Kindle, or an iPad, and set the device to offline mode for increased security.

Transfer your old phone number to a new phone

If you didn't save your backup codes and have lost the phone that you use for two-factor authentication, try calling your mobile network operator to transfer your old number over to a new phone. To do this, you’ll need to activate a new SIM card, which might take some time. But once you have your old number working again, you can receive 2FA verification codes as usual.

  • Tip: Erase your old phone remotely.

You may be able to remotely erase your lost phone if you've previously activated the feature in settings. Use Apple's “Find my” or Google's “Find my device” services to view your phone’s location and delete its contents. This helps prevent malicious actors from accessing the 2FA on your lost phone and breaching all of your accounts.

Have your verification code sent to your backup phone

When you set up two-factor verification, you may be able to set a backup phone in case you lose access to your main number. If you've done this on Google, for example, select “Try another way to sign in” and have your verification code sent to your backup phone.

  • Tip: Use a trusted family member or friend’s number as a backup.

You can add their number as a trusted backup source in case you lose access to your phone. A phone number is only part of the verification process for most accounts, so it's a good idea to use this method for accounts like Apple ID or Google. They often develop alternative recovery processes that are intentionally time-consuming to deter criminals. That's why having a trusted friend receive your codes can be a massive relief during emergencies.

Set up 2FA on two different devices

Having a secondary device with your 2FA is a great backup if you ever lose your primary phone. Authentication apps like Authy and Google Authenticator exist to help you manage your 2FA codes in one place. The latter, for example, lets you scan a unique QR code to add an account to the app. Keep a screenshot of the QR code on a secondary device or print it and store it in a secret location to use in dire situations.

Contact customer service

If you’ve lost access to the 2FA on your phone and don’t have a backup, customer service departments are there to help. While proving your identity and going through recovery processes can be difficult and time-consuming, your service provider may offer some quicker verification methods, like confirming your bank card details, unique security numbers, or home address. Either way, forgetting passwords and losing devices is common, so it's always worth a call before you give up.

Use passkeys

One way to stop worrying about losing your authentication access is to change how you log in to your accounts. As an alternative to the classic username-and-password combination, some platforms have begun supporting passkeys — a passwordless authentication method that combines biometric authentication with cryptographic keys. This allows passkeys to work reliably while maintaining a level of security similar to that of credentials reinforced with 2FA.

A passkey consists of a public and a private key. The public key is kept on the website's server, while the private key is stored on the user’s device. Whenever you log in to your account, the keys must match. If you don’t have access to one of them, the other is useless.

Password managers like NordPass let you store and manage passkeys in an encrypted vault. This means that even if you lose your phone, you can still use any passkey stored within NordPass, preventing you from getting locked out of your personal accounts.

There’s one caveat: Passkeys are not yet universally available. Although some major service providers, like Microsoft, Apple, Amazon, or PayPal, offer passwordless authentication, and new services join this list every day, you might need to give it some time before you can leave all your passwords in the past.

What should you do if you lose a phone with Google Authenticator?

Losing a phone with the Google Authenticator app installed can be concerning if you use it to secure your online accounts with two-factor authentication. If you find yourself in this situation, you can keep your accounts secure with a few extra measures.

Log in using an alternative method

If you've set up alternative methods for account recovery, such as a backup email address or phone number, use one of these options to regain access to your Google account. Visit the Google Account recovery page and follow the prompts to verify your identity. Once you've successfully regained access, make sure you change your Google account password to ensure the security of your account.

Erase your device remotely

If your lost phone with 2FA is associated with your Google account, you can use the "Find my device" feature to locate, lock, or erase your phone remotely. For example, if you are an Android user, you can go to Google’s “Find my device” website and log in using your Google account credentials. Then, locate your lost phone on the map and choose "Secure device" or "Erase device" to protect your data from unwanted exposure. A similar process applies to iOS devices. Bear in mind that this process can only work if the lost phone with Google Authenticator is turned on, logged into a Google Account, and connected to the internet.

Use a new phone to set up or restore Google Authenticator

You can easily set up the Google Authenticator app on your new phone. Whether you prefer Android or iOS, Google uses the same setup steps for both.

  1. Download the Google Authenticator app from the relevant app store — Google Play for Android, the App Store for iOS — on your new device. 

  2. Open your “Google” or “Gmail” app, tap the profile picture at the top-right corner, and select “Manage your Google Account.”

  3. In the “Security and sign-in” settings, locate "Two-step verification" and select “Authenticator.”

  4. Select "Set up authenticator" to access a QR code.

  5. Scan the QR code using Google Authenticator and select "Next."

  6. Back in the Google settings, enter the six-digit verification code provided by Authenticator and select "Verify" to confirm.

If you’re unable to scan the code:

  1. Select “Can’t scan it?” and copy the key provided.

  2. Open the Authenticator app, tap the plus sign at the bottom-right corner, and select “Enter a setup key.”

  3. Enter your email address and paste the key. Select “Time-based” for the key type.

  4. Tap “Add” to finish the setup.
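The setup key shown under “Can’t scan it?” is the same value the QR code carries, and it is the shared secret from which every six-digit code is derived. That is why a second device or a saved copy of the QR code keeps working, and why any copy needs the same protection as a password. The example below is added here and is not from the original article or Google's code; it implements the standard time-based algorithm (RFC 6238) using a constructed test key and an assumed account label.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

def decode_setup_key(setup_key):
    """Base32-decode a setup key as a person types it (spaces, lowercase, no padding)."""
    cleaned = setup_key.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def totp(setup_key, at=None, digits=6, step=30):
    """RFC 6238 code: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(decode_setup_key(setup_key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def key_from_qr_payload(uri):
    """Pull the setup key out of the otpauth:// URI that an enrollment QR code encodes."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a time-based enrollment URI")
    return parse_qs(parsed.query)["secret"][0]

def verify(setup_key, submitted, at=None, window=1, step=30):
    """Server-side check that tolerates one step of clock drift in either direction."""
    now = time.time() if at is None else at
    return any(hmac.compare_digest(totp(setup_key, now + d * step, step=step), submitted)
               for d in range(-window, window + 1))

# Constructed sample: the RFC 6238 test secret with an assumed label, not a real account key.
SAMPLE_QR = ("otpauth://totp/Example:alice@example.com"
             "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    key = key_from_qr_payload(SAMPLE_QR)
    typed = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # same key entered by hand
    print("phone A:", totp(key, at=59))
    print("phone B:", totp(typed, at=59))
    print("accepted 30 s later:", verify(key, totp(key, at=59), at=89))
    print("accepted 90 s later:", verify(key, totp(key, at=59), at=149))
```

Two devices enrolled from the same key always show the same code at the same moment, so revoking a lost phone means generating a new key in the account's security settings, not just deleting the app.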

Use NordPass to secure your online accounts

Two-factor authentication is a smart and convenient way to provide your account with an extra layer of protection. However, if you're truly committed to keeping your digital identity secure, you need a reliable way to store your passwords, passkeys, and recovery codes. That’s exactly what NordPass is designed to help you with.

NordPass is a password manager that allows you to securely and easily generate, store, manage, and share your passwords, passkeys, credit card details, and personal information. It uses XChaCha20 encryption and multi-factor authentication to provide a high level of security, encrypt your data, and prevent unauthorized access. You can use NordPass to store the backup codes for your online accounts as secure notes or documents to make sure you can recover your account easily, even if you lose your phone.

Frequently asked questions