by jgalt212 2141 days ago
There are just so many things that make me fearful of either losing my phone or having it irreparably damaged. The account recovery process can be a. too hard or impossible (Hi Gitlab!) or b. too easy (too simple security questions).
3 comments

I can't figure out which account you're worried about here.

Your bank presumably knows a bit more about you than... nothing like a free Gitlab user and the account is valuable to both of you. So they can "just" do old fashioned manual account recovery as they would have in 1820 or 1920.

If I lose my phone and all backup authenticators, maybe in a house fire or something, I can live with the fact that maybe I need to go in person to a big stone building and talk to a human face-to-face about account recovery. My home just burned down, I think I can make a little time for essentials like that.

No such issue with UPI. 2FA makes sure no one can do payments from your lost phone; and the signup process for UPI (on a new phone) literally only involves creating a PIN as the bank account associated with your current phone number is added automatically through SMS verification.
2FA with some rescue codes printed and kept in your wallet / safe box seems like a reasonably bulletproof setup (hi GitHub!), but not every important site offers this.
Yes, that's decent. I also like services that allow you to register multiple 2FA devices for an account, e.g. my backup phone not only serves as my backup phone, but also as my backup 2FA device. I believe Rackspace allows this.
Printing them and carrying them in a wallet that could be lost or stolen seems like asking for trouble.
Unless you're a victim of a targeted attack, and the perpetrators know your accounts and go to immediately hijack them, it's a non-issue. You just generate and print new rescue codes, and the old codes become invalid.
I keep all my secure codes in my password manager.
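The thread above talks about two things in the abstract: a TOTP authenticator on the phone, and a set of printed rescue codes that are single-use and that are all invalidated when you generate a fresh set. The following is an added example (not code from any commenter, and not how GitHub, GitLab, Rackspace or any bank actually implements it) showing both halves server-side: RFC 6238 TOTP verification with a small clock-drift window, and a hypothetical `RecoveryCodeStore` that keeps only salted hashes of the rescue codes, accepts each code once, and drops the whole previous set on regeneration. The TOTP secret and the code counts are constructed test values.

```python
import hashlib
import hmac
import secrets
import struct

# --- 2FA half: TOTP (RFC 6238) built on HOTP (RFC 4226) ---

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the big-endian 64-bit counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for clock drift.
    Comparison is constant-time so a wrong digit isn't distinguishable by timing."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at + drift * 30), code):
            return True
    return False


# --- Rescue-code half: single-use codes, whole set replaced on regeneration ---

class RecoveryCodeStore:
    """Hypothetical server-side store of rescue codes for one account.

    Only salted SHA-256 hashes are kept, so a database leak does not leak
    usable codes. Regenerating picks a fresh salt and drops the old hashes,
    which is what makes a lost or stolen printout harmless once rotated."""

    def __init__(self) -> None:
        self._salt = b""
        self._hashes: set = set()

    @staticmethod
    def _normalize(code: str) -> str:
        # Users will type from paper: tolerate case, spaces and the dash.
        return code.replace("-", "").replace(" ", "").lower()

    def _hash(self, code: str) -> str:
        return hashlib.sha256(self._salt + self._normalize(code).encode()).hexdigest()

    def regenerate(self, count: int = 8) -> list:
        """Issue a new set and return the plaintext codes to show the user once."""
        self._salt = secrets.token_bytes(16)
        codes = []
        for _ in range(count):
            raw = secrets.token_hex(5)  # 40 bits of entropy per code
            codes.append(f"{raw[:5]}-{raw[5:]}")
        self._hashes = {self._hash(c) for c in codes}
        return codes

    def redeem(self, code: str) -> bool:
        """Consume a code. True at most once per issued code, False afterwards."""
        candidate = self._hash(code)
        for stored in self._hashes:
            if hmac.compare_digest(stored, candidate):
                self._hashes.remove(stored)
                return True
        return False

    def remaining(self) -> int:
        return len(self._hashes)


if __name__ == "__main__":
    # Constructed demo values; the ASCII secret is the RFC 6238 test key.
    secret = b"12345678901234567890"
    print("TOTP at t=59:", totp(secret, 59), "valid:", verify_totp(secret, totp(secret, 59), 59))
    store = RecoveryCodeStore()
    printed = store.regenerate(count=4)
    print("codes to print:", printed)
    print("first use:", store.redeem(printed[0]), "second use:", store.redeem(printed[0]))
    store.regenerate(count=4)
    print("old code after rotation:", store.redeem(printed[1]))
```

The `redeem` loop compares every stored hash rather than doing a set lookup so that a miss and a hit take the same time; the normalization step is there because a code read off paper will often come back uppercase or without the dash.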