The rise and fall of your MFA
There’s no debate that well-configured multi-factor authentication (MFA), such as two-factor authentication (2FA), increases the security of your accounts and assets.
But have you ever thought about what the worst-case scenario with MFA means in practice? And how would you restore your access to accounts and assets in such a case?
Often, 2FA is done with your phone, either via SMS or an app. It could be a hardware token as well, like a USB stick hanging on your keyring. What these factors have in common is that they are physical objects you can lose.
Now, consider yourself on vacation on the other side of the world. Your phone and keys are stolen. You lose access to your authenticator app (phone), your mobile number (SIM), and the hardware token (keys).
- Your mobile banking app is not available.
- If you use mobile payment methods, they’re gone.
- You can’t sign in to your email as you don’t have your MFA.
- You can’t sign in to your social media (if you still use some) as you don’t have your MFA.
- You lose access to your contacts, except for the two numbers you still remember from the days before everyone carried a mobile phone.
- You lose access to your itinerary, like bookings and flights.
Scary, right? You can fix most of this once you get home, but…
…How do you get home?
…And once you are back home, how do you restore your access to the services when you still don’t have your SIM, phone, or hardware token with you?
Maybe you have a backup hardware token and/or the 2FA recovery codes waiting for you at home. Maybe you can recover your banking app by visiting the bank in person. Maybe calling customer service helps.
Anyway, it might be a great idea to spend a few minutes thinking about how you would recover your most important accounts in such a case. At least I realized a few things I can improve to make recovery in such a case a lot easier. I also realized that I have been traveling quite naively, assuming I will have my phone and keys with me everywhere. YOLO (You Only Lose them Once), and so on.
No, please, don’t disable MFA.