Hi Steyn, sorry for the delayed response due to Medium making their response feature web-only.

The scenario of losing access to a 2FA system is very problematic. Increasing security also increases the probability of getting locked out of your own data. I am actually unable to access one of my accounts at a crypto exchange due to having to switch phones unexpectedly and Google Authenticator not transferring my 1TP info between phones. The account recovery process when you lose your 1TP generator is very laborious and often impossible when it’s an international company. I think a lot of the 2FA tools haven’t really thought through the “account recovery” and “syncing” and “backup” for their own solutions which are supposed to be making things easier for users. There are experiments going on with decentralized identity verification systems using distributed ledgers, which seem like a potential solution. However 2FA providers should have more UX people involved and should be designing for the use case of “lost phone/hardware” from the beginning.