What happens if I lose my 2FA device and my secret key?
If you lose your 2FA device, and don't have your secret key backed up, you can request two-factor authentication to be disabled on your account via email if and only if you kept "Email Recovery" enabled when setting up two-factor authentication. (When setting up 2FA, Email Recovery is enabled by default. Users must uncheck a box to disable it.)
About Email Recovery:
If you lose access to your device and your secret key, you will be unable to login to your account. If you enable Email Recovery, you can email Standard Notes from your account email to disable 2FA and allow you to sign back in to your account.
If you leave this option unchecked, you will permanently lose access to your account if you lose your secret key and do not have it backed up. For power users who maintain good data safety practices, we recommend keeping this option disabled for optimum security.