by lexapro 1251 days ago
Your website was down for more than 2 weeks not because 2FA is badly designed, but because you bet everything on your phone not getting lost or damaged. And now you refuse to secure your accounts.
2 comments

> And now you refuse to secure your accounts.

No, the big lesson for me is to have proper backups of credentials (like the other commenter mentioned) and to ensure multiple people have access to the prod environment. Don't just turn on 2FA without having these things in place.

Actually, in this case it's likely AWS is also responsible for having trash 2FA restrictions. AWS will only allow you to set up one single 2FA method.

If you register with a YubiKey, you can't register a 2nd YubiKey as backup, nor can you register an authenticator (TOTP) as a backup.