by Szpadel 1514 days ago
Not only a lost phone, but a damaged phone is enough, as you can easily swap the SIM card but the authenticator needs to be set up again. BUT there are also one-time recovery codes; they could add an option to use those to recover after clicking through a few screens of warnings to make sure that you know what consequences it has.

That's one reason I definitely prefer SMS auth to any other method at the moment.

What if your phone is damaged while traveling and you are away from where you stored your recovery keys?

Whenever I add a new 2FA token, I always add it to my phone and a TOTP app (Authy) on my computers. Same thing for recovery keys.
You can always bring a paper recovery code or FIDO authenticator (both of which are safe against SIM swapping attacks).
We've been told for decades to "not write passwords on Post-its" and we're really back to square one...
It's not a password, it is a secondary, single-use recovery second factor.

Carrying that around in a wallet doesn't make you any more vulnerable to physical attackers than carrying your Yubikey on a keyring, and it's much more secure against remote attacks than SMS-2FA (where you can fall victim to SIM swapping, number porting attacks etc).

Ideally the paper would be in a safety deposit box / safe and not stuck to your monitor.
If it fits your need to have it in a fixed location, then yes.

But he talked about traveling.

IDK about you, but I don't travel with a safe in my backpack.

Just put it in your wallet and/or luggage. Without your account name and password, it's useless to any potential thief.