Turning on two-factor authentication (2FA) is a great way to protect your account. By requiring you to prove your identity a second way when you log in, it makes it much more difficult for cybercriminals to hack you.
However, if something goes wrong, say you accidentally delete your authenticator app or lose your phone, then you won’t be able to log in to your account either.
But just how common is it for people to get locked out of their accounts by 2FA? I ran a small study on the survey platform Prolific to find out.
With my limited budget, I could only afford to survey 25 people, but the results were striking: A whopping 40% of survey takers reported being locked out of their own accounts by problems with 2FA.
No single 2FA method stood out as being particularly problematic when it came to getting locked out. Survey takers reported 2FA snafus while using SMS, email, push notifications and authenticator apps. The only 2FA method not mentioned explicitly was security keys, but that’s probably because they are the least used method, despite being the most secure.
The survey also revealed the prospect of getting locked out by 2FA was a worry for most people, with 52% of survey takers saying they were concerned about this happening.
Avoiding 2FA lockout
So, what can you do to avoid getting locked out? The survey takers themselves had some great ideas!
32% said they prepared for problems with their 2FA by saving their backup codes, which can be used in place of their second factor in case of emergency.
16% reported setting up multiple different forms of 2FA, such as push notifications and an authenticator app. That way, if they have a problem with one, they can use the other instead.
Finally, 16% said they back up their authenticator app so they can restore their 2FA codes if they lose or break their phone.
You can read more about these precautions in my dedicated post about avoiding 2FA lockout.
Unfortunately, however, 27% of survey takers indicated they had taken no steps to ensure they could still access their accounts if there was a problem with their 2FA. Hopefully they will start to change their ways and take precautions, just in case they too suffer a 2FA emergency!
If you’ve been locked out by 2FA, or worry about getting locked out by 2FA, you’re not alone! But you shouldn’t let that stop you from enabling it. By taking precautions, you’ll still be able to login, even if you have a 2FA snafu.