2FAA.app

Lost Your Phone? How to Recover 2FA Access

Losing the phone that holds your authenticator app can feel like being locked out of your entire digital life. In almost every case you are not — there is a way back in. Work through the options below in order; the first one that applies to you is usually the fastest.

Start here: recovery in order

  1. Use a backup code — instant, no waiting.
  2. Rescue your secrets from the old phone if it still turns on, even briefly.
  3. Use the service's account recovery — recovery email, phone, or a trusted device.
  4. Contact support with ID verification — the slow but reliable last resort.

1. Use your backup codes

When you turned on 2FA, most services showed you a set of one-time backup (or "recovery") codes and told you to save them. This is exactly the moment they are for. On the login screen, after the password step, look for "Enter a backup code", "Use a recovery code", or "Try another way". Each code works once. If you find them you are back in within seconds — then immediately re-enable 2FA on a new device and generate a fresh set.

Not sure what these are or where to find them? See backup codes explained.

2. Still have the old device? Move your secrets

If your old phone still powers on — even with a cracked screen or no SIM — you can rescue everything before wiping it. Google Authenticator, for example, exports all accounts at once as a QR code (menu → Transfer accounts → Export accounts). Scan that into your new phone, or import it into 2FAA to keep a copy in your browser.

Import from Google Authenticator →

Per-service recovery

Service | Where to start recovery
Google / Gmail | Sign-in → "Try another way" → recovery email/phone or a signed-in device. Manual review can take 3–5 days.
Apple ID | Use a trusted device or trusted phone number; otherwise account recovery, which can take days.
Microsoft | aka.ms/recover with your recovery code or an alternate email.
GitHub | Recovery codes, or a configured recovery method. SSH keys and tokens do not bypass 2FA.
Facebook / Instagram | "Need another way to authenticate?" → trusted device, or ID upload.
Discord | Backup codes. Without them, support generally cannot restore a 2FA-locked account.
Banks / crypto exchanges | In-app support. Expect identity checks and a fixed security waiting period.

If you have no backup codes and no device

This is the hard case, but rarely hopeless. Go to the login page and start account recovery ("Forgot password" often leads into it, or look for "Need help signing in?"). Be ready to prove who you are: access to the recovery email or phone, security-question answers, a previously trusted device, or a photo ID where supported.

For high-value accounts — primary email, banks, exchanges — expect a manual review and a waiting period measured in days. Two things speed this up a lot: requesting recovery from a device, location, or network you have used before, and having a recovery email and phone already on file.

Prevent this next time

  • Save backup codes for every account in a password manager — not a screenshot in your camera roll.
  • Keep your TOTP secrets on a second device or in an encrypted export, so no single lost device can lock you out.
  • A browser authenticator like 2FAA holds your codes on a laptop and can export/import secrets as a backup file.
  • Add a recovery email and phone number to important accounts before you ever need them.

Keep a backup copy of your codes

2FAA is a free, browser-based authenticator. Hold your TOTP secrets on a second device and export them as a backup, so a lost phone never becomes a lockout.

FAQ

Can I recover my accounts if I lost my phone and have no backup codes?

Usually yes, but it takes longer. Most services have an account recovery flow that verifies your identity through a recovery email, phone number, or a previously trusted device. Banks and crypto exchanges are the strictest — they often impose a waiting period of several days before disabling 2FA. Start from the login page by clicking 'Need help?' or 'Try another way'.

Does losing my phone turn off 2FA on my accounts?

No. 2FA stays enabled. The secret that generates your codes lived on the lost phone, so you simply can't produce new codes until you recover the account or re-enroll a new device. Your accounts remain protected — including from whoever finds the phone, as long as it is locked.

Can I generate the same 2FA codes on a new phone?

Only if you still have the original secret key, the setup QR code, or an export/backup of it. TOTP codes are derived from that secret plus the current time, so the same secret produces identical codes on any device. If the secret only ever existed on the lost phone and you kept no backup, you must re-enroll the account from scratch.
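
To make the point above concrete, here is an added example (not 2FAA's own code) that implements RFC 6238 TOTP and shows a secret read from a setup QR code and the same secret typed by hand producing identical codes. The account name, issuer and secret are constructed; the secret is the published RFC 6238 test key.

```python
import base64, hmac, struct, time
from urllib.parse import urlparse, parse_qs

def totp(secret_b32, at=None, step=30, digits=6, algo="sha1"):
    """RFC 6238: HMAC the time-step counter with the secret, then truncate."""
    # Secrets are often displayed grouped and lower-case; normalise and re-pad.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def from_otpauth(uri):
    """Pull the TOTP parameters out of the otpauth:// URI inside a setup QR code."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    return {
        "secret_b32": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "step": int(q.get("period", ["30"])[0]),
        "algo": q.get("algorithm", ["SHA1"])[0].lower(),
    }

# Constructed sample data: one secret, held in two places.
PHONE_URI = ("otpauth://totp/Example:alice@example.com"
             "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")
LAPTOP_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # typed in by hand

def same_code_on_both(at):
    """Return (phone_code, laptop_code) for the same moment in time."""
    phone = totp(at=at, **from_otpauth(PHONE_URI))
    laptop = totp(LAPTOP_SECRET, at=at)
    return phone, laptop

if __name__ == "__main__":
    print(same_code_on_both(time.time()))
```

Because the secret alone is enough to reproduce every future code, a backup or export of it needs the same protection as a password.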

How long does 2FA account recovery take?

Anywhere from seconds to weeks. A backup code logs you in instantly. Automated recovery via a verified email or phone takes minutes. Manual identity review — common for email providers, banks, and exchanges — can take several days, and some enforce a fixed security waiting period that cannot be skipped.

How do I make sure a lost phone never locks me out again?

Keep your 2FA in more than one place: save every service's backup codes in a password manager, and either add your TOTP secrets to a second device or keep an encrypted export. A browser-based authenticator like 2FAA lets you hold your codes on a laptop too, so a lost phone becomes an inconvenience instead of a lockout.

Related reading: 2FA code not working?, Backup codes explained, Transfer from Google Authenticator