Your phone is lost or stolen. What now? For many, this means not only the loss of a device, but also the potential loss of your digital identity: email, online banking, cloud storage, social media accounts – everything is connected to your smartphone these days. This is especially true if multi-factor authentication, via an app or text message, is enabled.
Even if you can’t log in at first, that doesn’t mean everything is gone. In most cases, you can regain access by taking the right steps. We’ll show you how.
Why MFA is both a lifesaver and a risk
Multi-factor authentication (MFA) protects your accounts more securely than a password alone. In addition to your username and password, a second factor is required, such as a one-time code from an app, a fingerprint or a push confirmation on your smartphone.
The problem: if your device is lost, the second factor is often missing. If you only use the authenticator app on a single smartphone, losing the device means you’ll be left standing in front of a digital door without a key.
This is particularly critical for central services such as email accounts, which are used to reset other accounts. Without access to your email address, many other accounts can’t be recovered.
1. First steps after loss
First, you should try to locate your smartphone. Then you’ll know if it was lost or stolen. Here’s how:
- iPhone: Location tracking takes place via Apple’s “Find My” feature. But it must be activated beforehand and the device must be linked to your Apple ID. Log in via iCloud.com or the “Find My” app on another Apple device and select your iPhone from the device list.
- Android: For Android smartphones, Google’s “Find My Device” offers a similar service. Here too, the device must be linked to a Google account and activated in advance.
If location tracking is possible, activate Lost Mode. This will lock the device, protect sensitive data and, if necessary, allow you to display a message with a callback number.
If location tracking is not possible, lock your SIM card immediately by calling your mobile provider. They can also blacklist the handset. Otherwise, anyone with access to your mobile phone number could intercept SMS-based security codes or arrange for a SIM card replacement.
2. Secure access to your key accounts
The next step is to check where you’re still logged in. Many users remain logged in to important services on their notebook, tablet or work computer. Be sure to start with your email account. Change the password and, if MFA is active, the stored multi-factor method as well.
If you’ve already locked yourself out of your email account, use the official account recovery function. Enter previous passwords, old contact addresses or other requested information as accurately as possible. Many email providers also check which device or location the request is being made from. So, use your home Wi-Fi or another known network if possible.
Only once access to your main email address has been restored can you move on to other services. On large platforms such as Apple or Google, you can see which devices were last logged in to your account in the account settings. Log out of your lost smartphone there and permanently remove the device from your account.
3. Sort out your banking apps
After securing your main accounts, you should take care of any financial services. These include online banking, credit card apps, payment services and digital wallets.
If you have a tablet or a second smartphone, you can reinstall your banking apps there and log in with your existing online banking credentials. The apps usually guide you step by step through the process of setting up an additional device.
It’s then important to check the device management section within the app or in online banking. There you can see which smartphones or tablets are registered to your account. Remove the lost device from this list immediately.
Note: If you can no longer log in because of MFA, contact your bank immediately. They can remove the lost device from the device binding.
4. Get back on social media
The next step is to check your messenger and social media accounts. These are often active on several devices at the same time. In the respective security settings, you can view existing sessions and end them individually.
Pay particular attention to unknown logins or device names. Remove anything that you can’t clearly identify. Then, if you haven’t already done so, activate another authentication method that doesn’t rely on your smartphone.
5. Use backup codes and alternative recovery methods
Backup codes come into play if you can still log in but your previous MFA method is no longer available.
Many services generate so-called backup or recovery codes when setting up multi-factor authentication. These are usually displayed once and then forgotten until exactly this moment occurs. If you’ve saved the codes, you can use them to log in even if the regular second factor is missing.
Check specifically whether and where you stored these codes. A single valid code is usually enough to regain access to your account and then set up a new MFA method.
At the same time, check if alternative recovery options have been stored. These include additional email addresses or a second telephone number. Most of these are used for account recovery when a regular login is no longer possible.
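How a service can handle the backup codes described above, as an added example that is not from the original article or any particular provider: the codes are shown once at setup, only salted hashes are kept, and each code works a single time. The class name, code length and alphabet are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: lowercase letters and digits without look-alikes (0/o, 1/l/i).
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_backup_codes(count=10, length=10):
    """Create the plaintext codes that are displayed to the user once."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]


def _normalize(code):
    # Accept codes typed with spaces, hyphens or capitals from a printout.
    return code.replace("-", "").replace(" ", "").lower()


def hash_code(code, salt):
    """Slow salted hash, so a leaked database does not reveal usable codes."""
    return hashlib.pbkdf2_hmac("sha256", _normalize(code).encode(), salt, 100_000)


class BackupCodeStore:
    """Hypothetical server-side record for one account."""

    def __init__(self, codes):
        self.salt = secrets.token_bytes(16)
        # Only hashes are stored; the plaintext cannot be shown a second time.
        self.unused = {hash_code(c, self.salt) for c in codes}

    def redeem(self, code):
        """Return True once per valid code, then invalidate it."""
        candidate = hash_code(code, self.salt)
        match = next((h for h in self.unused
                      if hmac.compare_digest(h, candidate)), None)
        if match is None:
            return False
        self.unused.remove(match)  # single use: a replayed code is rejected
        return True

    def remaining(self):
        return len(self.unused)
```

Because only hashes are kept, the service cannot show lost codes again; after a successful recovery login, a fresh set has to be generated and stored away from the phone.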
How to protect yourself from total digital failure
To prevent a lost smartphone from becoming a crisis, you should take a few precautions. These measures only take a few minutes. But in an emergency, they can save you hours or days:
- Activate multiple MFA methods: Don’t just use one authenticator app – add a second factor. This could be a hardware security key or an additional confirmation method.
- Store backup codes securely: Keep recovery codes separate from your smartphone. A securely stored printout, an encrypted document on your PC or a protected file in a password manager are suitable options. The important thing is that you can access them in an emergency, even without your mobile.
- Store alternative recovery data: Add a second email address and (if possible) an additional phone number independent of your main device.
- Set up an authenticator app on a second device: Many apps can be synchronised across multiple devices. A tablet or second smartphone can serve as a backup in an emergency.
- Prioritise important accounts: Email, cloud accounts and password managers should always be secured first. They’re the control centre for all other access points.
