by lbriner 1364 days ago
Exactly. I asked Per Thorsheim once about resetting 2FA creds, something that is viable for banks etc. that hold a lot of semi-private data which can be used to verify your data, but not so much for a much smaller startup with basic account info.

He said he didn't know how it would be done securely.

I see a lot of attacks are due to account takeover and we currently seem torn between allowing an attacker to circumvent the 2FA by account reset or leaving someone unable to access their account for ever.

I started scanning 2FA codes into two phones, my main one and one that I leave hidden at home (and switched off) for backups. Knowing my luck though, I'll need to access the one that I forgot to scan into the second phone!

1 comment

You could also print the 2FA setup codes (like on actual paper :P) and store them in a safe or otherwise secure location. Along with the backup codes probably (or maybe each goes to a different location, or copy of each in 2 locations, one remote, depending on how important access is and how hard it would be to get it back without that information.)
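The two comments above rest on the same property: an authenticator app holds nothing but the base32 seed from the setup QR code, so any copy of that seed (a second phone, or the printed setup code in a safe) produces the same time-based codes. The example below is added here to show that, and to show the other half of the backup story, one-time backup codes stored only as hashes. It is not code from either commenter. It assumes the RFC 6238 reference seed "12345678901234567890" as the setup secret and an in-memory set as the server-side backup-code store; both are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, modulo 10^digits.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, unix_time // step, digits)

# The "setup code" printed on paper or shown in the QR is just the seed in base32.
# Authenticator apps accept it unpadded, lower-case and with spaces, so normalise first.
def decode_setup_secret(base32_secret: str) -> bytes:
    s = base32_secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)

# Two "phones" (or a phone and a paper copy) seeded from the same setup code
# compute the same code for the same time step. Returns both so they can be compared.
def two_device_codes(setup_secret: str, unix_time: int) -> tuple[str, str]:
    phone_a = decode_setup_secret(setup_secret)
    phone_b = decode_setup_secret(setup_secret)  # the backup copy
    return totp(phone_a, unix_time), totp(phone_b, unix_time)

# Server-side check with a +/-1 step window to absorb clock drift between devices.
def verify_totp(secret: bytes, presented: str, unix_time: int, window: int = 1) -> bool:
    for delta in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + delta * 30), presented):
            return True
    return False

# Backup codes: alphabet without 0/O/1/l so they survive being printed and retyped.
BACKUP_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

# Issue n one-time codes. The user gets the plaintext list to print; the server
# keeps only SHA-256 hashes, so a database leak does not hand out the codes.
def issue_backup_codes(n: int = 10, length: int = 10) -> tuple[list[str], set[str]]:
    codes = ["".join(secrets.choice(BACKUP_ALPHABET) for _ in range(length)) for _ in range(n)]
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, stored

# Redeem a code: hash what was typed, look it up, and burn it on success.
def redeem_backup_code(stored: set[str], presented: str) -> bool:
    h = hashlib.sha256(presented.strip().lower().encode()).hexdigest()
    if h in stored:
        stored.remove(h)  # one-time use
        return True
    return False

# Constructed example: the RFC 6238 test seed, as an authenticator app would show it.
RFC_SETUP_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    now = int(time.time())
    a, b = two_device_codes(RFC_SETUP_SECRET, now)
    print("main phone:", a, "backup phone:", b, "match:", a == b)
    plain, store = issue_backup_codes()
    print("print and store these:", plain)
    print("first use:", redeem_backup_code(store, plain[0]))
    print("second use:", redeem_backup_code(store, plain[0]))
```

The takeaway for the "lost phone" problem in the thread: the printed setup secret is strictly more powerful than printed backup codes (it regenerates codes forever, so it deserves the safe), while backup codes are single-use and can be revoked individually, which is why keeping them in a different place from the seed is a reasonable split.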