Wednesday 30 October 2019

Coping with a lost, stolen or damaged phone

[I wrote this as a draft a month or so after returning from Argentina, and now I'm starting to prepare for my next trip I thought I should finally make the effort to actually publish it on the blog and to follow my own advice.]

So after my earlier on-the-fly wafflings, and being safely back home and having had a bit of time to mull things over, here's a kind of post-mortem on the problems I had when my phone broke and what I intend to do in the future to avoid similar problems.

What happened


  • The USB socket on my phone was becoming increasingly unreliable, making charging difficult, verging on impossible.
  • I believe this was caused or at least accelerated by using the phone to read in bed while charging it, as this could put extra strain on the connector, especially if I knocked it around while moving in my sleep - I often wouldn't or couldn't (in a dormitory, for example) put the phone on a bedside table before actually going to sleep.
  • The charging situation got so bad that I decided it was better to risk taking it in for repair while I was abroad than to try to hold on until I got home; the phone was the only internet-capable device I had with me, as I didn't take a tablet or laptop to save weight and reduce the temptation to fritter time away on it.
  • While the repair was fortunately successful, because I took it in on a Friday afternoon and the same-day repair I was initially promised didn't happen, I ended up without the phone until Monday.
  • Without my phone I was (largely) unable to access my GMail account, because I needed the phone as a two-factor authentication device.
  • Without access to my GMail account and/or my phone-as-a-phone, I was unable to access other accounts - most significantly airbnb - because they wanted to send me an authentication code via text message or e-mail.
  • Some important details I needed for online checkin for my return flight were only on GMail, and some other details were only on GMail and Dropbox, neither of which I could access.
  • I did in fact have a single GMail emergency backup code, good for precisely one login, but I felt I had to keep that in reserve in case all other options failed and I needed it to get access to the online checkin details. Yes, in principle I could have logged in with it, got some more emergency backup codes and been good to go, but I was worried that something would go wrong (e.g. a power or network outage in the internet cafe closing my session before I got more emergency backup codes out); this is the "two is one, one is none" principle in effect, I guess.
  • I did manage to get in contact with my parents via Skype from an internet cafe, because Skype mercifully allows you to sign in from an unknown device without 2FA for a limited seven-day period. I believe I could have used this to get them to relay a 2FA code from GMail which would have been phoned through to their home landline, as I had that set up as one of the recovery numbers, but I decided not to try this unless the phone repair failed and that was luckily not the case.
  • I needed to get in touch with my non-resident airbnb host while I didn't have my phone. I had asked them for an e-mail address as I anticipated possible phone problems, but had then stupidly not written it down on a piece of paper but sent it to myself in an e-mail, which was inaccessible to me.
  • I tried to set up a temporary free e-mail address to be able to contact my parents and (if I had had the address on paper) my airbnb host, but it was very difficult to get one without a working phone number. Doug Dyment has helpfully suggested to me since that there are free e-mail services which work without a phone number (I'll list them below); I think I failed to find these on my Google searches for "free e-mail addresses with no phone number" because they're primarily marketed as anonymising and/or spam-avoiding services, even though they do fulfil my requirements exactly.

Other problems which didn't happen but would have the same effect


If my phone had been stolen, lost or for some reason I had had to factory reset it, the effects would have been almost the same as if the phone had broken and could not be repaired.

A factory reset would have been slightly better than a stolen or lost phone as I would have had a working phone with my UK SIM in, which could (in Argentina, where all this happened) receive texts but nothing else - that would have helped me re-establish my electronic identity on the effectively new phone.

Problems I didn't experience, but which seem possible and related


I was using a different UK SIM abroad than I normally do back in the UK; my normal contract has no roaming support at all (not a question of cost, it doesn't support it) and I therefore didn't have access to my normal UK number. Some websites were set up with the alternate number, but some weren't - in particular I don't think GMail was. So if I had bought a new phone and put my SIM in it, I might have struggled to authenticate to some websites.

I have some of my key passwords memorised (e.g. GMail) but not all; I use a password manager on - you guessed it - my phone for most passwords. This wasn't a problem for me this time because, anticipating the phone becoming impossible to charge at some point, I had jotted down a few of the more important passwords on a bit of paper and had them available.

What I could have done to be better prepared for this possibility


If I had been able to get access to my GMail account, pretty much everything else would have just worked. I had one emergency backup code but didn't dare to use it. So:

  • Have at least two and ideally three GMail backup codes memorised. If I'd "lost" my phone and my bag - perhaps in a single mugging, perhaps I lose one and then the other a few hours or days after - having them on a piece of paper in the bag would not help me.
  • Test in advance the possibility of logging into GMail using a 2FA code sent to my parents' landline and relayed to me by phone; if I know this works, I'll feel more comfortable not having any backup codes on a piece of paper. I already demonstrated it's possible to communicate with them to have the code relayed via Skype, and failing that an actual telephone call (internet cafes often provide call booths) to them would work too.

I think those two things alone would have reduced the stress caused by "losing" the phone enormously. I'll go on to make some other suggestions, but I think these are less critical:

  • Test logging on to the most critical sites (for me, probably GMail, Dropbox and airbnb) from an "unknown" computer (a friend's, if I've never used it before, or an internet cafe here at home) before the trip with my phone switched off; if I can't get into any of them, I need to find a way round that.
  • Taking a second (probably relatively cheap) smartphone with me is worth serious consideration. It would serve as a backup 2FA device, so with either smartphone I could access all my accounts with no problem. (The only exception would be text message authentication, as only one phone could have my SIM in at a time, but I could of course swap it between them if one broke instead of being lost or stolen.) This would also (probably) allow me to set up a new phone or a factory-reset phone if necessary. I think this would also help me avoid damaging the charging port by reading in bed; with two phones I could leave one charging on a table and read on the other in bed using its battery; even in a dormitory I could probably manage something like this by locking the charging phone in my bag/locker and charging it from a powerbank. And of course if the second phone was relatively cheap, I could carry it around with me at times and places I might otherwise prefer not to take my "main" phone.
  • Having more of the key passwords memorised or written down (insecure, I know; perhaps write a hinted version?) would be very helpful. With access to e-mail I could have done a password reset on most sites to get in, which is why I don't think this is critical, although it's possible doing a password reset would have triggered extra 2FA-style authentication which would have involved text messages to my phone.
  • Updating key sites to have the phone number of my "travel" SIM (not my normal UK number) would have helped if I had access to the SIM but not my phone itself (e.g. if I'd bought a replacement phone). This is potentially a pain as some sites might not allow multiple phone numbers so it might involve switching back and forth at the start and end of a trip, but definitely worth considering, especially on sites which do allow multiple numbers.
  • Assume whatsapp and other "secure" communication methods such as airbnb messaging may be unavailable; try to get an e-mail address from airbnb hosts or other important people where possible and write it on a bit of paper or (a low-effort alternative) take a photo of it from the phone screen with my standalone digital camera and lock it so it won't be erased when I clear the card after copying photos on to my phone. I'm not sure it's generally welcome to ask e.g. airbnb hosts for e-mail addresses, but depending on the circumstances this might be useful. In any case, if I have an e-mail address for someone I might need to contact in an emergency, making the small effort to make it available if the phone breaks is useful.
  • Don't get too internet-focused; I could have gone into a call centre and called my parents on the phone as a way to re-establish communications, but I think I mostly forgot about this in the heat of the moment. I do have their numbers memorised already, but obviously if I didn't then memorising them would also be a good idea.
  • Wear a watch, ideally a digital one. This way I know the time and have an alarm available (even if it isn't all that loud, it's better than nothing) while phoneless. (I do already do this, but I'll list it here anyway because it's a good idea and I should keep doing it.)
  • Set up a standby e-mail account, memorise the password and teach my parents about it as a "probably me, but be suspicious" e-mail address. As this account would not be set up on any websites as my address, I could afford to leave 2FA disabled on it and could therefore log into it with just the password; I'd want to choose a webmail account which doesn't force 2FA, of course.

E-mail access without needing a phone number


The sites Doug recommended were:
  • http://anonymouse.org/
  • http://www.guerrillamail.com/
  • https://trashmail.com/

but now I've been pointed in the right direction, a web search for "disposable e-mail address" shows lots of other options. Some of these options might mean any e-mails I received would be visible to random strangers, but with care that would be OK; for example a GMail 2FA code is single-use, so as long as I was waiting for the e-mail containing it and used it before anyone else could that would be an acceptable risk in an emergency.