What Happens if You Lose Your Phone with 2FA on It?

May 12, 2026

Losing your phone is stressful. Realising it had your 2FA codes on it feels like being locked out of your entire digital life.

Here's what to do, and how to stop it happening again.


The short answer

If your authenticator app had cloud backup or sync turned on, you can restore your codes on a new device in minutes. If not, you'll recover each account individually using backup codes or account recovery.

Either way: don't panic, and don't wipe anything yet.


Step 1: Stop and assess

Answer three questions:

  1. Which authenticator app were you using?
  2. Was sync or cloud backup turned on?
  3. Do you have your backup codes saved anywhere?

Your answers determine which path to take.


Step 2: Try to restore your codes first

Ente Auth

Install Ente Auth on a new device, sign in with your Ente account, and your codes sync back instantly. End-to-end encrypted, so nobody else could have read them.


Google Authenticator (sync on)

Install the app on a new phone and sign in with the same Google Account. Codes appear automatically.

Note: Google sync is not end-to-end encrypted. If your phone might be in someone else's hands, change your Google Account password first.


Microsoft Authenticator (backup on)

Install the app. Before signing in, tap Begin recovery and authenticate with your Microsoft account. Personal accounts restore. Work and school accounts must be re-added through your organisation's security settings.


Authy

Install Authy on a new device, enter the same phone number, and complete multi-device verification.

Note: Authy is winding down for personal users. If affected, switch to a different app now.


Bitwarden Authenticator

If you connected it to Bitwarden Password Manager, sign in on a new phone and codes sync back. If not, your codes are gone with the phone—skip to Step 3.


Aegis or 2FAS without backup

If you exported a backup file and saved it somewhere accessible, restore from that file. Otherwise, skip to Step 3.


Step 3: If you can't restore, recover account by account

Start with the most important accounts.

Use your backup codes

When you set up 2FA, each service gave you one-time backup codes. Use them to log in.

Where to look:

  • Password manager (search by service name)
  • Email inbox (search "backup codes" or "recovery codes")
  • Files, Notes app, or printed copies

Once logged in, disable 2FA, then re-enable it with your new authenticator app.


Use account recovery

No backup codes? Every major service has a recovery process. Common methods:

  • Email recovery: Link sent to a verified backup email
  • SMS verification: Code sent to a registered phone number
  • Identity verification: Government ID or security questions
  • Customer support: Required for high-stakes accounts like banking and crypto

On the service's login page, click Can't access your account or Forgot password / 2FA.


Prioritise

Recover in this order:

  1. Primary email — often used to recover other accounts
  2. Password manager
  3. Banking and financial accounts
  4. Cloud storage (iCloud, Google, Dropbox)
  5. Cryptocurrency exchanges — strictest recovery process
  6. Everything else

Step 4: Secure your old phone if findable

  • iPhone: Lock or wipe via iCloud.com/find.
  • Android: Lock or wipe via Find My Device.
  • Change passwords on accounts without 2FA — they're most exposed.
  • Revoke active sessions on email, social media, and cloud storage.

Note: Assume someone could eventually bypass your phone's PIN or biometrics.


Step 5: Make sure this never happens again

Don't rely on a single device for your 2FA codes.

  1. Use an app with end-to-end encrypted sync. Ente Auth is free, open source, and syncs across phone, desktop, and web.
  2. Save backup codes for every account in a password manager or a physically secure place.
  3. Set up 2FA on multiple devices where possible — phone and tablet, or phone and desktop.
  4. Test recovery once a year by restoring on another device or logging in with a backup code.

Which apps survive a lost phone

| App | Lost phone scenario |
| --- | --- |
| Ente Auth | ✅ E2EE sync. Sign in on any device, codes restore |
| Google Authenticator | ⚠️ Restorable via Google sync (not E2EE). Locked out if sync was off |
| Microsoft Authenticator | ⚠️ Personal accounts restore. Work accounts need re-setup |
| Authy | ⚠️ Restorable, but winding down for personal use |
| 2FAS | ⚠️ Only if you exported a backup or had cloud sync on |
| Bitwarden Authenticator | ⚠️ Only if synced with Bitwarden Password Manager |
| Aegis | ❌ Gone unless you exported a backup file beforehand |

If your app is in the ❌ or ⚠️ column, switching is worth thirty minutes.
