[yebyen]

So say I do this, and later my account is sent to collections. Can you think of a worse possible outcome when your phone is dropped in the toilet if you have no scheme for 2FA recovery?

My cloud-hosted business gets shut down, credit score tanks, because of the combination of my butter fingers and your secure authentication scheme! Might as well not employ any CSR drones at all if you're not going to handle this case. Maybe I'm exaggerating, but this is not a great strategy for customer satisfaction or retention.

To the extent that in a dispute situation, who pays the bill =/= whomever holds the keys, my preferred customer service strategy would tend to favor who is paying the bill.

[renolc]

I haven't heard of hosting companies sending anyone to a collection agency. It could happen, sure a but I think it's more likely they just cancel your account and suspend all continued hosting (which, if you believe 2fa should be impossible to circumnavigate, this is probably the ideal outcome). From there you would probably open a new account and start over.

I could see the argument either way on if this is the most optimal solution or not.