Hacker News

There would be recovery methods that would be different for each company, depending on how secure they'd like it to be.

The least-secure but the most convenient way would be to fall back to SMS OTP to recover the account. If more security is required, companies can revoke access to the lost trusted device, and either delete the account or manually allow a certain device to enroll as a new trusted device after verifying the user's identity through a customer support team.

For a more balanced approach, we're considering requiring more than 1 trusted device, or having a friend recovery group to approve the account recovery on a new device.

But this is definitely something we're trying to improve. We'd appreciate any suggestions!


