FK94Security
Recovery & MFA · 9 min read

Recovery & MFA Without Locking Yourself Out

Many users focus on passwords and ignore recovery. In practice, recovery settings often decide whether an account stays safe or becomes easy to take over.

Recovery is part of the threat surface

If the same old phone number or secondary inbox unlocks everything, your setup is only as strong as that weakest recovery path.

MFA matters, but recovery choices often matter just as much.

Make recovery deliberate

Choose recovery channels on purpose. Decide which email, phone, and backup codes are part of your real safety plan and which are just leftovers from the past.

Document backup codes in a safe place
Use an updated recovery email you actually control
Avoid leaving old numbers connected forever

Avoid self-lockout by design

The goal is not to create the most complex MFA stack possible. The goal is to stay recoverable without relying on bad defaults.

Test recovery before you need it
Review device trust settings
Write down what you changed and why
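
An added example, not part of the original article: a small Python audit over a constructed account inventory that shows how one leftover recovery channel can unlock a chain of accounts, and which MFA-enabled accounts risk self-lockout. The inventory format, the channel labels and the function names are assumptions made for this illustration.

```python
# Constructed sample inventory; every name, channel and flag below is made up.
# Model assumption: holding a recovery channel is enough to reset the account.
ACCOUNTS = {
    "primary-email": {"recovery": ["phone:old-number"], "mfa": True,
                      "backup_codes_stored": False, "recovery_tested": False},
    "bank": {"recovery": ["email:primary-email"], "mfa": True,
             "backup_codes_stored": True, "recovery_tested": True},
    "cloud-storage": {"recovery": ["email:primary-email", "email:secondary-inbox"],
                      "mfa": False, "backup_codes_stored": False, "recovery_tested": False},
    "password-manager": {"recovery": [], "mfa": True,
                         "backup_codes_stored": True, "recovery_tested": True},
}


def unlocked_by(channel, accounts):
    """Accounts recoverable, directly or through a chain, by whoever holds `channel`.

    An inventoried account can itself be a recovery channel ("email:<name>"),
    so gaining it extends the walk to everything that recovers through it."""
    held, queue, unlocked = {channel}, [channel], []
    while queue:
        current = queue.pop(0)
        for name, acct in accounts.items():
            if current in acct["recovery"] and name not in unlocked:
                unlocked.append(name)
                inbox = "email:" + name
                if inbox not in held:  # guards against recovery loops
                    held.add(inbox)
                    queue.append(inbox)
    return sorted(unlocked)


def weakest_paths(accounts):
    """Map every recovery channel in use to all accounts it ultimately unlocks."""
    channels = {ch for a in accounts.values() for ch in a["recovery"]}
    return {ch: unlocked_by(ch, accounts) for ch in sorted(channels)}


def lockout_risks(accounts):
    """Accounts with MFA on but without stored backup codes or a tested recovery."""
    return sorted(name for name, a in accounts.items()
                  if a["mfa"] and not (a["backup_codes_stored"] and a["recovery_tested"]))


if __name__ == "__main__":
    for channel, names in weakest_paths(ACCOUNTS).items():
        print(f"{channel} -> {names}")
    print("lockout risk:", lockout_risks(ACCOUNTS))
```

In this sample the old phone number is listed on only one account, yet it reaches the bank and the cloud storage through the primary inbox, which is the kind of leftover the review above is meant to find.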

Takeaway

A safe setup still has to be recoverable by you, not only hard for everyone else.
