version 26.6.3 · Self-Help · Printing~3 min read

Save your backup and recovery codes properly

Backup codes are the spare key for when your phone is lost, dead, or stolen. Saved well they are a lifesaver; saved badly they are a liability.

  1. When a service offers backup or recovery codes during 2FA setup, do not skip that step — generate them.
  2. Treat them like cash: each code logs in once, then is spent.
  3. Store them offline — printed and locked away, or in your password manager’s secure notes, not in a plain email to yourself.
  4. Avoid storing them only on the same phone that runs your authenticator, or losing the phone loses both.
  5. Keep a copy somewhere a trusted person could reach in a genuine emergency.
  6. Regenerate a fresh set if you ever suspect the old codes were seen, which invalidates the old ones.

Still stuck after those?

You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.

+61 421 346 887
5.0
★★★★★ on Google · loading…
Read all on Google →