Secure accounts and recover access after a phone is lost or stolen.

Lost Phone with 2FA Enabled

Reduce damage after losing a phone with authenticator apps, logged-in accounts, SMS fallback, and recovery codes.

Treat a lost phone as both a device-security incident and a 2FA recovery problem.
Protect the phone number, email account, and signed-in sessions before attackers can use them for recovery.
Use backup codes or a second factor to regain access, then rotate recovery material.

Lock down the device and phone number

Use the operating system's lost-device tools, contact the carrier if the SIM could be abused, and protect the email account that receives recovery messages. A stolen phone number can weaken SMS-based recovery.

Recover high-value accounts first

Prioritize email, password manager, domain registrar, cloud provider, finance, social media, and developer accounts. Use backup codes, passkeys, security keys, or official recovery forms, depending on what each platform supports.

Rotate after the incident

After access is restored, remove the lost device from trusted-device lists, regenerate backup codes, rebind the authenticator, and review sign-in history for unexpected sessions.

Recovery actions

  • Mark the device lost or stolen using iOS or Android device tools.
  • Secure the primary email account and password manager first.
  • Use backup codes for the accounts that offer them.
  • Regenerate recovery codes and revoke old sessions after regaining access.

Important limits

  • If the phone was stolen unlocked, assume visible authenticator entries and saved sessions may be exposed.
  • SMS fallback can be attacked through carrier or SIM-swap abuse.
  • Do not approve push prompts you did not initiate while recovering accounts.
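
The sign-in history review described above, as an added example that is not part of the original page: it flags post-loss activity from the lost device, from unrecognized devices, over SMS, or through approved push prompts. The record fields, device IDs and timestamps are constructed assumptions, not any provider's export format.

```python
from datetime import datetime

# Constructed sample sign-in history; the schema is hypothetical.
SIGN_INS = [
    {"time": "2024-05-01T08:10:00+00:00", "device_id": "laptop-1", "factor": "totp", "result": "success"},
    {"time": "2024-05-02T19:45:00+00:00", "device_id": "phone-lost", "factor": "session", "result": "success"},
    {"time": "2024-05-02T20:05:00+00:00", "device_id": "unknown-7", "factor": "sms", "result": "success"},
    {"time": "2024-05-02T20:30:00+00:00", "device_id": "laptop-1", "factor": "backup_code", "result": "success"},
    {"time": "2024-05-02T21:00:00+00:00", "device_id": "laptop-1", "factor": "push", "result": "success"},
]
LOST_DEVICE = "phone-lost"                                  # constructed device ID
LOST_AT = datetime.fromisoformat("2024-05-02T18:00:00+00:00")  # when the phone went missing
TRUSTED = {"laptop-1"}                                      # devices still in the owner's hands


def review_sign_ins(events, lost_device, lost_at, trusted):
    """Return (event, reasons) pairs for post-loss events that need a manual look."""
    findings = []
    for ev in events:
        if datetime.fromisoformat(ev["time"]) < lost_at:
            continue  # before the loss: outside this incident's window
        reasons = []
        if ev["device_id"] == lost_device:
            reasons.append("activity from lost device")
        elif ev["device_id"] not in trusted:
            reasons.append("unrecognized device")
        if ev["factor"] == "sms":
            reasons.append("SMS factor used while phone number was at risk")
        if ev["factor"] == "push" and ev["result"] == "success":
            reasons.append("push approved after loss: confirm you initiated it")
        if reasons:
            findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    for ev, reasons in review_sign_ins(SIGN_INS, LOST_DEVICE, LOST_AT, TRUSTED):
        print(ev["time"], ev["device_id"], ev["factor"], "->", "; ".join(reasons))
```

Each flagged entry is a prompt to revoke that session and rotate the affected factor, not proof of compromise.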
