Two-step verification is great. However, if you happen to lose your phone and don't have a few backup codes on you then it can make finding your device on the fly a bit complicated. You can score backup codes whether you use SMS or an Authenticator app for verification (you should really be using an Authenticator app), and carrying them with you can help get you out of a bind if your phone ends up MIA.
Let me tell you about my weekend:
Since my 18th birthday when I purchased my first mobile phone I've carried one with me every day. Every day until this Sunday, because I managed to (for the first time) lose my phone getting out of a Lyft on Saturday night.
We were roughly an hour away from home when I realised I had apparently dropped my relatively new Note8 on the floorboard of the car rather than in my purse as we were getting out at our destination. Our driver had left only a few minutes before, so I thought we were in a particularly useful window of time where he might find it rather than a nefarious passenger.
The phone was on silent, so calling didn't really help. I also have all my notifications hidden, so even texting the phone wouldn't really provide information to the person who found it.
Then we went to locate it using Google's Security using my boyfriend's phone. It's a nifty tool (located at security.google.com if you end up in the same situation) where you can track your lost phone, make it ring constantly for five minutes, wipe it, or leave a "Call This Number" message on your lock screen.
It was a great plan with one fatal flaw: I have two-step verification set up on my Google account using SMS and didn't have any backup codes on me.
Since I had two-step set up on my Google account and my boyfriend's phone wasn't a "trusted device" it wanted the code it was texting me in order to let me into my account to track my phone. It keeps thing secure, but without the phone I wasn't able to get the SMS message and log into my account at all. I was locked out.
What ended up happening was us going home, me logging into the account on my trusted laptop, and then putting a note with my boyfriend's number on the lock screen. A few hours later I blasted it with a constant full-volume ring, and my Lyft driver called us to let us know he had found the phone and had stowed it in his glove box a few hours prior.
Given that he was an hour from our apartment, that meant that the beginning of our Sunday was a road trip to go meet him in a distant grocery store parking lot to get it back.
The whole situation could have gone a lot worse (I have a phone!) but it also could have gone better. If I had been able to leave that note right when we realised the phone was lost, my Lyft driver probably would have seen it when he found the phone and we could have coordinated while we were all close by. I could have also saved myself a few hours of panic.
Thankfully, we were just an hour from home. Had we been on holiday further away, this could have been a lot more complicated. In my particular situation, I think a few emails to Lyft would have gotten my phone back. However, if it was actually stolen, I wouldn't have been able to wipe it until I got back to my computer. And if I didn't have a computer that was already a "trusted" device I would have been in for a whirlwind of pain.
And so, I recommend carrying around a few backup codes with you just for this occasion (and stowing a few in a safe place at home as well). You can create some by going into the two-step verification menu within your Google Account and then selecting "Backup Codes".
I now have a few codes written on the back of an unassuming business card in my wallet. You don't want to label the paper "Google Codes" in case your wallet is what gets stolen rather than your phone, but writing a few down on a business card, receipt or the like and tucking it away in a safe place could save you in a similar situation.
Bottom line: Don't be like me. It wasn't fun.