Save your backup and recovery codes properly
Backup codes are the spare key for when your phone is lost, dead, or stolen. Saved well they are a lifesaver; saved badly they are a liability.
- When a service offers backup or recovery codes during 2FA setup, do not skip that step — generate them.
- Treat them like cash: each code logs in once, then is spent.
- Store them offline — printed and locked away, or in your password manager’s secure notes, not in a plain email to yourself.
- Avoid storing them only on the same phone that runs your authenticator, or losing the phone loses both.
- Keep a copy somewhere a trusted person could reach in a genuine emergency.
- Regenerate a fresh set if you ever suspect the old codes were seen, which invalidates the old ones.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.