[immibis]

> The fallback path here is what you'd do with any other MFA loss.

Which, in many cases, is avoid MFA because it's less secure. Yes, less secure because availability is part of security.

And I don't have a better plan to store all those recovery codes than to store all those passwords. So the attacker can still get in with the same effort, but I have to keep getting my phone. No thank you.

[TheBicPen]

I agree that storing recovery codes is a pain point, but they're fundamentally different from passwords in that you don't need to use them for each login. That allows you to put them in cold storage, whether that's an encrypted flash drive, a piece of paper, a box buried in your back yard, or whatever else you want. Doing the same thing for information you need on each login would be ridiculous, but for a once-in-a-blue-moon recovery situation, the lack of convenient access is fine.

[jjav]

> Yes, less secure because availability is part of security.

This is too often forgotten. Availability is a fundamental part of security and must be part of every threat model.

And your threat model needs to be matched with what it is being protected. One size does not fit all.

For example to log in to my brokerage account, I may be ok with a solution where I might lock myself out and have to go to a physical branch to restore access. Because while that would be a pain, it's better than having my life savings stolen.

But to log in to, say, facebook? Availability and convenience is #1 above all, it's just cat videos and other extremely low value stuff so it's not worth any inconvenience.