Please Try again!
Here's How to Find and Store Your Account Recovery Passcodes
cybersecurity

Here's How to Find and Store Your Account Recovery Passcodes

Patrick Lucas Austin, Gawker Media

Image credit: Ervins Strauhmanis/ Flickr

Losing (or breaking) your phone is never fun. Yes, there are the complications that come from it being covered in fragile glass , but the issue that'll ultimately cause your more grief is this: your phone is the key to your online identity. If you're using two-factor authentication on your devices, you may rely on the authentication app or SMS texts providing randomly generated access codes used to verify your identity when you log into a different device, or make a purchase. For added security, you should keep a physical copy of your account's recovery codes, a set of two-factor authentication codes that can always be used in case you can't access the time-sensitive codes generated on your phone. Consider it a new document to store next to your birth certificate and social security number, one that will keep you in control of your account no matter the state of your devices.

How to Get Backup Codes

Microsoft

Visit your Microsoft Account page and hit the Security tab at the top. From there, you can change your password, add alternative email addresses and phone numbers for account recovery, and keep an eye on your account's activity. Under those options, you'll find the link for additional security options, where that good good two-factor authentication information is hiding.

From there, you can set up two-factor authentication, either using SMS (not recommended due to potential security flaws in SMS ) or an authentication app (which generates a new set of passcodes every few minutes). Hit "Replace Recovery Code" and save the new code, which automatically replaces whatever old recovery code you had.

Apple

When enabling two-factor authentication for your Apple ID account, Apple gives you the option of creating a recovery code. You should take the hint and generate a recovery code, both for security purposes and because losing it could lock you out of your Apple ID account for good. Generating a recovery key on your iOS or macOS device is pretty simple. Here are the instructions, according to Apple:

  1. Go to Settings > [your name] > Password & Security. You might need to enter your Apple ID password.
  2. Tap Recovery Key.
  3. Slide to turn on Recovery Key.
  4. Tap Use Recovery Key and enter your device passcode .
  5. Write down your recovery key and keep it in a safe place.
  6. Confirm your recovery key by entering it on the next screen.

You can also get a recovery code using your Mac:

  1. Go to System Preferences > iCloud > Account Details. You might need to enter your Apple ID password.
  2. Click Security.
  3. In the Recovery Key section, click Turn On.
  4. Click Use Recovery Key.
  5. Write down your recovery key and keep it in a safe place.
  6. Click Continue.
  7. Confirm your recovery key by entering it on the next screen.

Google

Visit your Google Account page , and click Sign In & Security. In the Signing into Google section, select 2-Step Verification. Sign in again, and prepare to see all the ways you can keep prying eyes away from your Google account. Among the options to configure two-factor authentication via SMS or authenticator app, you'll see "Backup Codes."

Advertisement

Google presents you with the option to download or print out 10 recovery codes, or generate new ones (which renders your previous recovery codes inert). You can only use each recovery code once, so be sure to cross it out or delete it after you regain access your account. At least you've got nine more.

Print Them Out, Keep Them Safe

There's a reason you should have a hard copy of your two-factor passcode, whether printed out or written yourself. It's a last resort option for getting back into your account, and losing it when you need it could spell permanent doom for whatever service you're trying to access.

Advertisement

In terms of storage, you should take extra care when storing your recovery codes. Folders are for beginners. If you're trying to keep your recovery passcodes safe, you should put them in a secure location. I'm talking "lockbox containing your extra passport, birth certificate, and some Krugerrands for good measure" secure. Or at least under your mattress.

Also, Store Them Digitally

In addition to printing out a sheet of two-factor codes, you should store them digitally (though it shouldn't be your only method of recovery code access). Just stick them in a text file, throw it onto an encrypted flash drive ( here's how ), and stick it with the rest of your sensitive information (or, if you're me, open your PC's case and place the drive inside).

Put Them In a Password Manager

Even if you don't have your phone with you, or are away from your physical recovery codes, you should still ensure you can access them wherever you're at. If you use a password manager to handle your login credentials and personal information, you've got all the resources you need to store the recovery codes and get them on any device, including the web.

Password managers like 1Password and LastPass have web interfaces should you need to access your information from a new computer (or your replacement smartphone). Include the recovery codes with the rest of your account information, or put your set of recovery codes in a new document stored in your password manager. While your password manager might be more accessible and convenient, you should always have a physical copy of your access codes available in a secure spot, as well, so don't skip the steps above.

Contribute to LifeHacker

Write for Us

Subscribe for latest stories