Saltkin

Not a bad point. I didn't even think about app-backups. That's a sufficient workaround for me! Since not everyone keeps backups of his apps, I'd suggest placing a note somewhere near the 2FA activating process, advising people to do so.

Are you sure that code doesn't just last for a limited amount of time? If it doesn't, that solution would be sufficient.

I'd like to use the two-factor authentification, as you suggest. However, I don't feel comfortable doing so, because I'd be screwed if I lost my phone then. That risk would be eliminated, if you'd offer backup codes, like most services using 2FA do. Let me know what you think! :) Edit: Here's someone that already fell victim to this: https://forum.elysium-project.org/topic/33736-no-login-after-smartphone-crashreset2fa/