When 2FA server changes its private key or is unaccessible, user can not sign the transactions any more.

When user breaks his device, he cannot request new QR code for the same set of primary account and recovery account. He must create new "hot" account or new recovery account and create new 2FA account. He should rekey old multisig account to new multisig account.