Motherboard Guide to Not Getting Hacked

What Is a Two-Factor Authentication Recovery Code?

Two-factor authentication is essential for good security on the internet. But if you don’t store your recovery codes, your security system may do more harm than good.

Daniel Oberhaus

If you use two-factor authentication apps like Google’s Authenticator or Authy to secure your accounts, take a moment to check that you have stored your recovery codes—also known as seeds—in a safe and memorable location.

If you have no idea what I’m talking about when I say ‘recovery codes,’ the accounts linked to your two-factor authentication (2FA) app are in danger and you really ought to fix that before you own yourself.

Two-factor authentication is a security protocol that protects your online accounts by requiring you to enter a code generated by the app on your phone. These codes are periodically updated so that the only way an attacker could gain access to an account secured by 2FA is to actually be in physical possession of your phone.

You should definitely use 2FA for everything, as long as you’re aware that this extra security precaution also comes with some risk. 2FA apps like Google’s Authenticator are tied to your device, which means that if you lose your phone or do a factory reset, you will also be locked out of all of your accounts that have 2FA enabled.

The only way you’ll be able to get back into those accounts if you’ve lost your phone is if you saved the recovery codes you got when you set up 2FA for that account. These codes, also known as seeds in the context of cryptocurrency wallets, are usually a string of numbers, letters or words that act as a one-time password. For instance, when you enable 2FA on Google accounts, you are provided with ten one-time numeric recovery codes.

If you lose your phone, you can bypass 2FA using that one-time password so that you can reset your 2FA on a new device. If you don’t have these codes, you’re out of luck and won’t be able to access that account again. If you didn’t save the codes when you originally enabled 2FA on an account, you can usually still access them by navigating to the security settings for that account.
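To make the "one-time" part concrete, here is an added Python sketch (not from the article or from any provider's code) of how a service could issue ten numeric recovery codes and accept each one exactly once. The class name, the 8-digit length and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10        # the article's Google example: ten one-time codes
CODE_DIGITS = 8        # assumed length; the article only says "numeric"
KDF_ROUNDS = 100_000   # assumed work factor for the stored hashes


class RecoveryCodes:
    """Hypothetical per-account store of unused recovery codes."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.unused = set()  # hashes only; plaintext codes are never stored

    def _hash(self, code):
        # Short numeric codes are guessable offline, so use a slow KDF.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self.salt, KDF_ROUNDS)

    def issue(self):
        """Create a fresh set of codes; any previously issued set stops working."""
        codes = set()
        while len(codes) < CODE_COUNT:  # loop guards against a rare duplicate
            codes.add(f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}")
        self.unused = {self._hash(c) for c in codes}
        return sorted(codes)  # shown to the user once, to print or save

    def redeem(self, submitted):
        """Accept a code in place of the app's code, then burn it."""
        cleaned = submitted.replace(" ", "").replace("-", "")
        candidate = self._hash(cleaned)
        match = None
        for stored in self.unused:  # constant-time compare against each hash
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self.unused.discard(match)  # one-time: the same code fails next time
        return True

    def remaining(self):
        return len(self.unused)


if __name__ == "__main__":
    account = RecoveryCodes()
    codes = account.issue()
    print(account.redeem(codes[0]), account.redeem(codes[0]), account.remaining())
```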

Once you have the recovery codes, you can print them out or copy and paste them into a password manager so you’ll never get locked out of your account.