40% of Users Locked Out by 2FA

Turning on two-factor authentication (2FA) is a great way to protect your account. By requiring you to prove your identity a second way when you log in, it makes it much more difficult for cybercriminals to hack you.

However, if something goes wrong, say you accidentally delete your authenticator app or lose your phone, then you won’t be able to log in to your account either. 

But just how common is it for people to get locked out of their accounts by 2FA? I ran a small study on the survey platform Prolific to find out. 

The survey

With my limited budget, I could only afford to survey 25 people, but the results were striking: A whopping 40% of survey takers reported being locked out of their own accounts by problems with 2FA. 

Have the survey takers been locked out of their accounts by 2FA?
Yes: 40%
No: 60%
A surprisingly large proportion of survey takers had been locked out of their accounts by 2FA. Image made in Canva.

No single 2FA method stood out as being particularly problematic when it came to getting locked out. Survey takers reported 2FA snafus while using SMS, email, push notifications and authenticator apps. The only 2FA method not mentioned explicitly was security keys, but that’s probably because they are the least used method, despite being the most secure.

Which 2FA method were people using when they were locked out?
SMS: 20%
Email: 10%
Authenticator: 20%
Push notifications: 10%
Unspecified: 40%
SMS, email, authenticators and push notifications all led to 2FA lockouts. Image made in Canva.

The survey also revealed the prospect of getting locked out by 2FA was a worry for most people, with 52% of survey takers saying they were concerned about this happening. 

More than half of survey takers are concerned about getting locked out of their own accounts by 2FA. Image made in Canva.

Avoiding 2FA lockout

So, what can you do to avoid getting locked out? The survey takers themselves had some great ideas! 

What precautions do people take to prevent 2FA lockout?
Saving backup codes: 8 people
Adding multiple forms of 2FA: 4 people
Backing up authenticator: 4 people
Setting security questions: 1 person
Knowing how to remove 2FA: 1 person
No precautions: 7 people
Some survey takers had taken some excellent precautions to prevent 2FA lockout. Others, not so much! Image made in Canva.

32% said they prepared for problems with their 2FA by saving their backup codes, which can be used in place of their second factor in case of emergency.

16% reported setting up multiple different forms of 2FA, such as push notifications and an authenticator app. That way, if they have a problem with one, they can use the other instead.

Finally, 16% said they back up their authenticator app so they can restore their 2FA codes if they lose or break their phone. 

You can read more about these precautions in my dedicated post about avoiding 2FA lockout.

Unfortunately, however, 27% of survey takers indicated they had taken no steps to ensure they could still access their accounts if there was a problem with their 2FA. Hopefully they will start to change their ways and take precautions, just in case they too suffer a 2FA emergency!

The takeaway

If you’ve been locked out by 2FA, or worry about getting locked out by 2FA, you’re not alone! But you shouldn’t let that stop you from enabling it. By taking precautions, you’ll still be able to log in, even if you have a 2FA snafu.
