The issue I have with 2FA without sms is that I need to also take care of recovery codes. Basically, it's like erasing all the benefits of going digital, since now I have to store (and take care of) paper copies of recovery codes.
If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready. If I were to use my phone number, I kind of don't need that since I just get a new sim and a new phone. But at the same time that is not safe now.
So what is the solution here? I liked the idea of something like DUO but not enough places use it.
> If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready.
It is a trade off. You either want difficult access if you lose your phone (via printouts) - or you want quick access (via SMS).
I dont think you can realistically have it both ways.
Having a "slow" method to retrieve a major access to your accounts seems to be the safest method, especially when you are likely to rarely use your phone.
You could also give a copy of the printouts to a family member or close friend, who you could ring if you were remote.
You could try Authy. The restore is not immediate but it keeps track of the services you have set up for 2FA. Trusting a huge honeypot like that with your auth is up for debate.
If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready. If I were to use my phone number, I kind of don't need that since I just get a new sim and a new phone. But at the same time that is not safe now.
So what is the solution here? I liked the idea of something like DUO but not enough places use it.