I wish more focus was placed on this. People need to make informed decisions and understand consequences so they can prepare. It's horrifying to me how, when suggesting solutions that carry this risk to normal people, the tech-savvy will casually omit the fact that, if this poor innocent normal person loses/breaks their device (or if their 2FA fails to transfer when they buy a new phone, WHICH I HAVE HAD HAPPEN TO ME and luckily caught it), they will permanently lose whatever personal data was under that 2FA.
I feel strongly enough about this that I am comfortable calling such irresponsible communication immoral. I'm not saying normal people shouldn't use solutions that have this caveat, but they absolutely need the risk to be made crystal clear to them.
If the data is important enough, e.g. bank accounts, there needs to be a backup to 2FA that is relatively painful - to make it resistant to attack - but not impossible.