What To Do If You Lose Your Two-Factor Phone
What To Do If You Lose Your Two-Factor Phone: Many websites send security codes to your phone number to confirm your identity when signing in. You may use apps that generate security codes on your phone, too. But what happens if you lose your phone?
Get Your Phone Number Back
You can try using recovery methods to access your accounts immediately without your phone number. However, you’ll probably want to get your phone number back sooner rather than later.
Your cellular carrier can help you immediately associate your phone number with another new phone. Even if you don’t want to buy an expensive new phone immediately, you can get a phone to tide you over. You might want to dig an old phone out of your drawers or borrow one from a friend or family member. Even an old flip phone will do in a pinch. And, if you’re looking for a new phone, you can always buy a cheap Android phone.
After you have a phone, your carrier can give you a new SIM card tied to your account and you can instantly regain access to your phone number. All you have to do is go to your cellular carrier’s store and you can get your phone number back on the spot—they’ll be happy to sell you a phone if you want that, too. If you don’t have a store nearby, contact your cellular carrier’s customer service.
If you already have some sort of cell phone insurance through your cellular carrier or another source, it may even partially cover a replacement. We don’t necessarily recommend it, though—we think carrier insurance plans are a bad deal. AppleCare+ is a better deal, but it doesn’t cover lost or stolen phones.
Forward Your Old Phone Number
If you don’t want to get a new phone immediately, you may be able to forward calls from your old phone number to another phone number. Cellular providers let you set up call forwarding so calls directed at your old phone number will be forwarded to a number of your choosing.
However, there’s no way to forward SMS messages, which means you can’t receive those texted security codes. Luckily, many—but not all—services provide the option of calling the phone number they have on file and speaking a security code. That will work with call forwarding.
Consult your cellular carrier for more information on setting up call forwarding. Verizon lets you enable call forwarding online from your computer. AT&T, Sprint, and T-Mobile only provide instructions for enabling call forwarding from your phone, but you may be able to call customer service from another phone number and ask them to activate call forwarding for you,
Use Your Recovery Codes (or Another Recovery Method)
Many accounts offer recovery methods, which are ways you can regain access to your account if you ever lose your phone.
Some services offer recovery codes that they encourage you to print out and securely store somewhere. If you’ve printed out recovery codes for an account, now’s the time to use them to sign in to that account.
There are also other ways to regain access to your account. Some services let you enter an additional recovery phone number at which you can receive codes in a pinch. If you’ve provided a recovery phone number—for example, the phone number for your spouse’s phone—you can receive a code at that number to regain access.
Other services even let you remove your two-factor security through email. They’ll send you an email at your registered email address and let you click through a few dialogs to remove the protection and gain access to your account. That’s not good for security—it means an attacker with access to your email could easily remove your two-step verification—but many services do it anyway.
If you’re not sure whether you can recover your accounts, try signing into the account to see what recovery methods are provided. If an account doesn’t provide you with any recovery options, try contacting customer service. For example, if your bank insists on texting you a security code before you can sign in, contact your bank’s customer service line for help accessing your account.
You should check your important accounts and ensure you have a recovery method—whether it’s printed recovery codes or a recovery phone number—just to make things easier in the future.
What About Authentication Apps That Were On the Phone?
It’s not all about your phone number. Maybe you get security codes from an app on your phone, like Google Authenticator or Authy. Or, maybe you use many of the other apps that let you log in after agreeing to a prompt on your phone, including Twitter, Google, and Microsoft’s accounts.
If you’re using Authy, recovery can be easy: You can move your recovery codes to a new phone or even access them in the Authy app on your computer.
For most services, after you’ve lost your phone, you won’t be able to get those security codes. You’ll have to recover your account and provide some sort of evidence that you are who you say you are. Even if you normally sign in with a code generated in your app on your phone, you can probably get a security code sent to the phone number associated with your account, for example. Or, if you have recovery codes printed out, you can use those instead.
Whatever service you’re trying to regain access to, just try signing in and see what recovery methods you’re presented with. If you’ve regained access to your phone number, that should help you regain access to most of these accounts.
If you can’t use your phone number and you don’t have recovery codes or another type of recovery method, you may need to contact customer service. All accounts with two-step authentication have some sort of “Help, I lost my phone and recovery codes!” recovery method you can use. What you need to do depends on the options the service provides and what you have available.
Wipe Your Lost Phone
Remember that you can use Apple’s Find My iPhone or Google’s Find My Device to view the location of your phone on a map, lock it, and erase its contents. If you’ve given up on getting your phone back, it’s a good idea to send a remote erase command—just in case. This will prevent anyone who finds the phone from seeing your private notifications and other data. Even if the phone is currently offline, it will erase itself if it ever powers on and reconnects to Apple or Google’s servers. You may not get your phone back, but you can rest a little easier knowing your data has been wiped from the phone.