When setting up an online account, the service will prompt you to use an authenticator app. This will be required when you log in from an unknown device, or if you hadn’t log in for a month. The authenticator app will provide a 6 digit passcode that will be required in addition to your user ID and password. This means that even if someone was to get your credentials, they will also need your phone to log in. And with many authenticator apps requiring a password, or biometric login, this will make it much harder even if the would be bad actor had your phone.
When setting up 2FA, you would be given a list of 8 digit PIN codes which can be used in the case you no longer have your 2FA device with you. Once you log in, you can temporarily disable 2FA until you can acquire a new device. This sheet should be printed, and stored in a secured location. These codes will work just as if the bad actor had your 2FA device.