Yep, any time I use an authenticator with an account I generate "backup codes" and keep them in my password manager. This saved me when I got a new phone and for some reason my Google Authenticator did not transfer to the new phone properly.
> Google Authenticator did not transfer to the new phone properly.
This seems to be my normal experience with a new phone for MFA apps. I’m doing something wrong.
That and setting up email are so dreaded that I hold off updating.
Switching from Android to iOS for a phone, I found that Microsoft Authenticator officially doesn't support this. You can't backup, you can't transfer. Everything is lost, please start anew.
I put my TOTPs in Google and Microsoft authenticators for double-redundancy. On two separate handsets. Then I have someone else I trust implicitly scan the QRs too and have them on their phone.
For crucial stuff, I take photos first and store them on my own nextcloud (with its own replication) and also copy them on a physical device. And my Android authenticator (andOTP) allows me to export encrypted backups (with password saved on password manager, ofc), which I then save on Dropbox.
If it's a MFA I actually don't care much about (security-wise), I simply save the token on bitwarden so it autocompletes for me (it defeats most of the main point of "multi" FA but I don't care about it to begin with).
Printing is not a bad idea, especially for backup, if you put them in a fire-proof safe or something. Make sure to give each a name to know which service they are for.