We are considering implementing a user authentication system using Auth0. However, we’re concerned about a scenario where a user might lose access to their email address. Specifically, we are concerned about what would happen if the domain of the email address that a user is using becomes invalid, rendering the email address itself unusable.
In the event that a user authenticates through an email address and password and also uses Multi-Factor Authentication (MFA) as a secondary verification method, what should we do if they still possess the device used for MFA but lose access to their email address?
Under such circumstances, how should we go about recovering this user’s account? We would greatly appreciate it if you could provide any specific steps or best practices. Our goal is to create a process where the user can resolve this issue as much as possible without the intervention of Auth0 administrators (developers, such as us).