I can recover access to my account when I have lost my TOTP device.
When the user enroll itself, the possibility is given to download 10 recovery codes.
* A recovery code can be used instead of a TOTP code during the login process
* Each recovery code can be used only once
* There is a view in the account preferences to see how many recovery codes can still be used
* The recovery codes are stored in a way that make impossible to retrieve them (see the mechanism used for the personal access keys)
* The user can ask to generate new recovery codes
Open question: what to do when a user uses the last valid recovery code?