Lost Your Phone? Here's How to Get Back Into Your Accounts Without Losing Everything

Whenever you get a new phone or authenticator, you risk locking yourself out of your multi-factor authentication (MFA) enabled accounts. We explain how to quickly recover your accounts and prevent future lockouts.

By Kim Key

Using multi-factor authentication (MFA) is your best bet for keeping bad guys out of your accounts, as it adds an extra verification step to your login process. But what happens if you can't verify who you are after changing a setting, accidentally deleting your authenticator app, or someone steals your phone? Don't worry; in most cases, you can recover your account pretty easily, but you may need to provide more information about yourself first.

What Is Multi-Factor Authentication?

First, let's briefly address why MFA is necessary. We live in an era of near-constant data breaches. These incidents often result in your personal information getting lost, stolen, or even posted on the dark web. All a would-be hacker needs to get into your online accounts is a username and password, and those a typically found among criminals' breached data lists. MFA (sometimes called two-factor authentication or 2FA) means you're using multiple ways to prove your identity online.

You've probably encountered prompts to enable MFA on your social media accounts and email inbox, though, as one TikTok creator observed, sometimes companies can get a little too aggressive when requesting your identification:

Sometimes MFA combines a username and password with another form of verification, such as a face or fingerprint scan, or a passcode on a different, verified device. The most common way to enable MFA is to receive a one-time-use code via SMS. However, the rise of SIM jacking makes this a secure way to verify your identity. Instead, I recommend using a code generated by an authenticator app or a hardware security key to vouch for you. That way, even if a hacker knows the email and password you use to login to your accounts, they won't be able to get in without extra verification.

You can also start creating passkeys for your online accounts wherever possible. Not all sites support this tech yet, but when they do, you'll be able to forget about passwords and MFA methods altogether. Passkeys perform authentication by exchanging secret keys between your device and apps or websites. That means you don't need to do anything other than use the same device whenever you want to log in.

So You're Locked Out of Your Account, Now What?

What happens if you lose your device or someone steals it? If you change or delete your verification method, or if you break or lose your phone, you may lose access to your accounts. Luckily, in most cases, getting your account back is usually a pretty quick, if occasionally invasive process. Here are some questions to ask yourself when trying to regain access to your online accounts.

Check Where You're Still Logged In

First, check whether you're still logged in to your account on another computer or device. If so, visit your account's settings menu and deactivate or remove the old MFA method. If that works, great! Remember to add a new MFA you can access later.

Use Your Other MFA Options

Many services that support MFA allow you to enable multiple factors. If you've enabled authenticator app codes or security keys in addition to your MFA method of choice, try to use one of those methods next.

You should also check your settings menu to see if you've enabled other forms of identity verification. You may have given the company permission to send you a one-time SMS code, or you can request a push notification on another device.

When Personal Verification Is Necessary

If you're out of MFA options, it's time to try something a little less comfortable: answering personal questions. To do this on many platforms, you'll need to choose "Verify me another way." The verification process varies, but you may need to answer the security questions you set up when you signed up for the account. Some platforms, like Facebook, verify locked-out users by asking them to identify old profile information, such as former email addresses, phone numbers, old home addresses, former names, or other personal information.

You can always contact customer support, too. Many companies handle lockout requests through an automated system that can verify your identity and restore your account quickly. Other platforms require a photo ID or other form of physical verification, so you may be locked out of your account while your information is processed.

Should You Close Your Account?

Sometimes, you can't get your account back. This can happen if you can't or don't want to prove your identity with a photo ID, or if it's due to a company's security policies. If this happens, consider closing the account for good. Ask customer support to delete your old account, which they can do if it hasn't been accessed for a long time.

How to Prevent Future Lockouts

To stave off a nightmare scenario like being locked out of your bank account or email, try a few of these prevention tactics.

Enable Multiple MFA Methods

The easiest way to prevent MFA-related account lockouts is to enable multiple MFA options. Again, I recommend avoiding SMS codes if you can. Having multiple MFA methods means you can use another method when your first choice is unavailable.

Set Up Alternative Recovery Options

Sometimes websites will ask you to verify your email address when recovering your account. If you can't access the inbox for the email you used to sign up for the account, you may be locked out for good. That's why you should add a different email or an additional phone number to your account. You can create a phone number using Google Voice or a free burner phone app.

Keep Backup Codes Secure

Sometimes called backup codes or recovery keys, recovery codes are usually long strings of text characters you can use to unlock your account when everything else fails. Keep them safe by writing them down and storing them in a secure place, such as a physical safe. You can also store them as encrypted notes in a password manager.

Use a Password Manager for Everything

Speaking of password managers, you should consider using one. The best ones include a built-in authentication tool that lets you generate new passwords, store old ones, and enter authentication codes, all from one app. You can use a password manager to store other items that can help you get back into your account, too, like account recovery codes (as mentioned above) or answers to a website's security questions.