
Microsoft does this all the time where they will lock you out of an account and make it near impossible for you to recover even when you still have access to the email address and password.



Microsoft locked me out of my Skype account by enabling an old phone number as two factor out of the blue. I hadn't used that number for 10 years.

So disappointing since it was my only point of contact with lots of old friends.


This happened to me with LinkedIn (during a job search!) when my phone that had 2FA on it stopped booting entirely (Pixel 3a). Support had no reason they wouldn't simply contact me via the contact methods on my profile to reset 2FA, so I'm in limbo right now.

To be fair, they want me to email pictures of my driver's license to recover the account, which they pinky-promise they'll delete afterwards. I'm not willing to do that, given I didn't have to provide any ID to sign up in the first place. So now I'm looking into having this form they sent to me notarized so I can get access back. What a mess.


That just sounds like 2FA working as intended to me.


Interesting take! Escalating the information being demanded to recover the account beyond that used to sign up is not something I can really get on board with.


That's what 2FA means though: once you enable it you need both factors to authenticate, whether or not you had them when you first signed up. I agree that if they required you to switch to 2FA at some point, even though it wasn't required when you signed up, that's abusive. But not being able to log in without your phone or other something-you-have credential is the whole point of 2FA.


How do folks recover when 2FA fails?

Edit: nevermind, I'm sure I'm wrong about this, and it's offtopic anyway. Apologies!


> How do folks recover when 2FA fails?

Reset codes, as in some entities will provide you with a page/image/etc. with ~10 codes on it when you enable 2FA, which can each be used once in place of the code generated by the 2FA token, letting you get into the account to, e.g. set up a new 2FA token/method.
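
One way to implement the recovery-code scheme this comment describes, as an added example that is not code from the thread or from any particular service: codes are generated once for the user to store offline, the server keeps only salted hashes, and each code is accepted a single time. Names such as `RecoveryCodeStore` and the 10-code default are assumptions for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example of one-time recovery codes; not any service's real code.
# Alphabet omits 0/O/1/l/i so printed codes are not misread when typed back in.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_recovery_codes(count: int = 10, length: int = 10) -> list[str]:
    """Return `count` random codes for the user to print and keep offline."""
    return ["".join(secrets.choice(CODE_ALPHABET) for _ in range(length))
            for _ in range(count)]


def _digest(code: str, salt: bytes) -> bytes:
    # Codes are high-entropy random strings, so a salted SHA-256 is enough;
    # storing hashes means a leaked database does not yield usable codes.
    return hashlib.sha256(salt + code.strip().lower().encode()).digest()


class RecoveryCodeStore:
    """Server-side record: hashes only, each consumed on first successful use."""

    def __init__(self, codes: list[str]):
        self.salt = secrets.token_bytes(16)
        self._unused = {_digest(c, self.salt) for c in codes}

    def remaining(self) -> int:
        return len(self._unused)

    def redeem(self, candidate: str) -> bool:
        """Accept a code once in place of the 2FA token; a replay is rejected."""
        cand = _digest(candidate, self.salt)
        for stored in self._unused:
            if hmac.compare_digest(stored, cand):  # constant-time comparison
                self._unused.discard(stored)      # single use: burn it
                return True
        return False


if __name__ == "__main__":
    codes = generate_recovery_codes()
    store = RecoveryCodeStore(codes)
    print("codes for the user:", codes)
    print("first use ok:", store.redeem(codes[0]))
    print("replay rejected:", not store.redeem(codes[0]))
    print("remaining:", store.remaining())
```

In practice the redeem path also needs the same rate limiting as the normal login, since the codes are short enough that unlimited guessing would matter.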


Phone numbers aren't 2FA and are susceptible for this reason.



