What happens if I use two-factor authentication and lose my phone?

What happens if I use two-factor authentication and lose my phone?

Most online accounts give you the option of setting up two-factor authentication (2FA) for an extra layer of security when logging in. Using your phone number as your 2FA verification is so easy – you receive a text or phone call to verify it’s you, and boom! You’re in. Except now you’ve lost your phone and can’t access any of your accounts. Don’t panic just yet. You still have some options, which we discuss below, along with some handy preventative measures.

Backup codes: the easy way to recover your account

When you set up 2FA on most sites, including Google, they provide you with a set of unique recovery codes, which are made up of random numbers and sometimes letters. Each backup code can be used once to log in to your account.

• Tip: Save your backup codes offline

Please don’t save your recovery codes in the cloud – such as in your emails or notes. Your email account and devices can be hacked, lost, or stolen, and if you get locked out of your email account, you’ll lose access to your codes. Instead, use a USB stick, external disk drive, or encrypted password manager to store them securely. If you want to get more creative, you could store them on an old phone, Kindle or iPad that is factory-reset and set to offline mode for maximum security.

Transfer your old phone number to a new phone

If you didn’t save your backup codes, and you’ve lost the phone that you use for 2-factor authentication – try calling your phone network to transfer your old number over to a new phone. You’ll need a new SIM card for that, and it could take a day or two for it to activate. But once you have your old number working again, you can receive 2FA verification codes as usual.

• Tip: Erase your old phone remotely

If you’ve lost your phone, you should be able to remotely erase it if you’ve previously activated the feature in settings. Use Apple’s Find My Phone or Google’s Find My Device to view its location and delete its contents. The last thing you need is someone accessing your 2FA from your old phone and breaching all of your accounts.

Have your verification code sent to your backup phone

When you set up 2-step verification, you may have been given the option to choose a backup phone in case you lose access to your main number. If you’ve done this on Google, for example, select “Try another way to sign in” and have your verification code sent to your backup phone.

• Tip: Use a trusted family member or friend as a backup

You can add their number as a trusted backup source in case you lose access to your phone. Since a phone number is only part of the verification process for most accounts, it’s a good idea to use this method for your Apple ID, for example. Apple’s alternative recovery process is intentionally time-consuming to deter criminals. That’s why having a trusted friend receive your codes can be a massive relief during emergencies.

Set up 2FA on two different devices

Having a secondary device with your 2FA is a great backup if you ever lose your primary phone. A whole barrage of authentication apps exists to help you with 2FA, like Authy and Google Authenticator. The latter lets you scan a unique QR code to verify it’s you. Take a picture of the QR code on a secondary device or, better yet, print it and store it in a secret location to use in dire situations.

Contact customer service

Losing access to your 2FA isn’t the end of the world, which is why customer service departments are there to help. While proving your identity and going through recovery processes are difficult and time-consuming, your service may offer some quicker verification methods. Take your bank, for example. They may ask you to confirm your card details, unique security numbers, or address to help you get back into your account. Either way, forgetting passwords and losing devices is common, so it’s always worth a call before you give up.

What should you do if you lose a phone with Google Authenticator?

Losing a phone with Google Authenticator can be concerning because it is often used for two-factor authentication (2FA) to secure your online accounts. If you find yourself in this situation, here are some possible ways you can address this problem and ensure your accounts remain secure.

1. Log in using an alternative method

   If you've set up alternative methods for account recovery, such as a backup email address or phone number, use one of these options to regain access to your Google account. Visit the Google Account recovery page and follow the prompts to verify your identity. Once you've successfully regained access, make sure you change your Google account password to ensure the security of your account.

2. Erase your device remotely

   If your lost phone with 2FA is associated with your Google account, you can use the "Find my device" feature to locate, lock, or erase your phone remotely. For example, if you are an Android user, you can go to the Google Find My Device website and log in using your Google account credentials. Then, locate your lost phone on the map and choose options like "Secure device" or "Erase device" to protect your data from unwanted exposure. A similar process applies to iOS devices. (Bear in mind that all of the above will not be possible unless your misplaced Google Authenticator lost phone is turned on, logged into a Google Account, and connected to the internet.)

3. Use a new phone to set up or restore Google Authenticator

   Download the Google Authenticator app from the relevant app store (Google Play for Android, the App Store for iOS) on your new device. Since you don't have access to the old phone, you won't be able to use the traditional transfer method. Instead, you'll need to go through the recovery process for each account separately. Here's what it looks like for Android and iOS devices, respectively.

Android:

1. Go to your Google account settings, find the "2-step verification" section, and click on the Authenticator app.

2. Press the button labeled "+ Set up authenticator," and a QR code will appear.

3. Scan the QR code displayed on your computer screen using Google Authenticator and click "Next".

4. Type in the six-digit code from your phone and confirm by clicking on "Verify."

iOS:

1. Go to your "Google My Account" page and log in.

2. Access the Security tab in the top menu and choose "2-Step verification."

3. In the "Add more second steps to verify it's you," choose the Authenticator app and then click on the "+ Set up authenticator" button.

4. Follow the provided instructions to complete the setup.

Use NordPass to secure your online accounts

Since you are reading this article, chances are you're already securing your online accounts with two-factor authentication (2FA). Otherwise, why would you look up what to do when you lose your 2FA device, right? 2FA is a smart move, providing that extra layer of protection to your online presence. However, if you're truly committed to keeping your online life secure, you still need a reliable way of storing your passwords and codes — which is exactly what NordPass is designed to help you with.

NordPass is a password management platform that allows you to securely and easily generate, store, manage, and share your passwords, passkeys, credit card details, and personal information. It is fully encrypted, which means it provides a high level of security by encoding your data to prevent unauthorized access.

What is more, you can use NordPass to store your backup codes for your online accounts in it to make sure you can recover your account easily.

If you want to learn more about how NordPass can help you improve your cybersecurity and facilitate access to your online accounts, make sure to visit our website.

Frequently asked questions