Not all second steps are equal. App-based codes and hardware keys resist SIM swaps and interception better than plain text messages. Phishing-resistant FIDO2 keys shine against fake login pages, while push approvals add clarity but require vigilance. Enable the strongest option your bank supports, then add a fallback you control. If you upgraded from SMS, say what changed for you—speed, confidence, or fewer scary prompts—and whether the added reliability justified the setup effort.
Create backup codes and store them where panic cannot erase them: a password manager secure note, a sealed envelope in a safe, or a trusted emergency contact package. Avoid screenshots in your camera roll, and label everything clearly. Practice a mock recovery to ensure instructions are understandable under stress. Then schedule a yearly refresh. Share your storage method and how you’d access it during travel, so your plan survives luggage delays, dead phones, and jet lag.
Before disaster, register a second device or hardware key. During upgrade week, transfer authenticator entries carefully, confirm codes work, and then decommission the old phone. If a phone is lost, revoke approvals quickly, contact your bank to add verified numbers, and re-enroll 2FA on a clean device. Keep a printed checklist in your wallet for offline moments. Comment with migration tips that spared you from hours of frantic support calls.