Blog | G5 Cyber Security

Secure 2FA Recovery Codes

TL;DR

Keep your 2FA recovery codes safe! This guide shows you how to store them securely, covering password managers, physical storage, and what *not* to do.

1. Understand the Risk

Recovery codes are the fallback for when you lose access to your authenticator app or device. Anyone who has your password and one of your codes can sign in as you: the code stands in for the second factor entirely, and a set of codes usually stays valid until you regenerate it. Treat them like passwords – with even more care!

2. Best Options for Storage

  1. Password Manager: This is generally the most secure option.
    • Most password managers (like 1Password, LastPass, Bitwarden) let you attach notes to a login entry or create a standalone secure note. Store the codes there, labelled with the account they belong to.
    • Ensure your password manager itself has strong security: a long, unique master password and 2FA enabled!
    • Caveat: if one vault holds an account’s password, its TOTP seed and its recovery codes, that vault is a single point of failure for the account. For your most important accounts (above all your e-mail), keep the recovery codes somewhere the vault’s master password does not unlock, such as the paper copy below.
  2. Physical Storage (Offline): A good alternative if you don’t trust digital storage, and a good complement to it.
    • Write them down on paper, or print the file the service offers, and label the sheet with the account name (never with the password).
    • Store the paper in a secure location: safe, lockbox, fireproof bag.
    • Keep a second copy in a separate location so that one fire or burglary does not destroy your only set.

3. What *Not* To Do

  1. Don’t store them on your computer or phone in plain text: This includes notes apps, screenshots, or documents without encryption. Screenshots and notes are usually swept into cloud photo or notes backups, so a plain-text copy rarely stays on one device.
  2. Don’t email them to yourself: Mail sits unencrypted on the server and on every device that syncs it, and your mailbox is often the very account the codes protect, as well as the recovery channel for all the others.
  3. Don’t store them in cloud storage without strong encryption: A file in Google Drive or Dropbox is readable by anyone who gets into that account or any device it syncs to. Encrypt the file under a separate passphrase before it goes anywhere near a synced folder.
  4. Don’t share them with anyone: Even seemingly trustworthy individuals, and never with someone claiming to be support staff; a legitimate support agent has no use for your code, so treat any request for one as phishing.
  5. Don’t treat the codes as reusable or interchangeable: Each account has its own set, and on most services each code works exactly once. Cross off a code after using it, and regenerate the set when only a few remain.
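Items 1 and 3 above turn on the phrase ‘without encryption’. In practice that means encrypting the file under a passphrase that is not stored next to it before it touches a synced folder or cloud drive; off the shelf, `gpg --symmetric` or `age -p` does exactly this. The program below is an added example, not code from the original article, that builds the same construction from the Go standard library alone: PBKDF2-HMAC-SHA256 stretches the passphrase (written out inline because crypto/pbkdf2 only entered the standard library in Go 1.24; argon2id from golang.org/x/crypto is the better choice in production), and AES-256-GCM encrypts and authenticates the codes, so a wrong passphrase or a tampered file produces an error rather than garbage. The file name, the VAULT_PASSPHRASE variable and the sample codes are this example’s own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
	"strings"
)

// Salt length, AES-256 key length, and OWASP's current minimum PBKDF2-HMAC-SHA256 iteration count.
const saltLen, keyLen, iterations = 16, 32, 600000

// pbkdf2SHA256 derives n bytes from passphrase and salt (RFC 8018, section 5.2).
func pbkdf2SHA256(passphrase, salt []byte, iter, n int) []byte {
	prf := hmac.New(sha256.New, passphrase)
	var out []byte
	for block := uint32(1); len(out) < n; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U_1
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_i = PRF(P, U_{i-1})
			for j := range t {
				t[j] ^= u[j] // T = T xor U_i
			}
		}
		out = append(out, t...)
	}
	return out[:n]
}

func newAEAD(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns salt || nonce || ciphertext || tag; the salt is also associated data, so the tag covers it.
func Encrypt(codes []string, passphrase string) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	aead, err := newAEAD(passphrase, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append(append([]byte{}, salt...), nonce...), nonce, []byte(strings.Join(codes, "\n")), salt), nil
}

// Decrypt reverses Encrypt; a wrong passphrase and a modified file both fail the GCM tag check.
func Decrypt(blob []byte, passphrase string) ([]string, error) {
	if len(blob) < saltLen+12+16 { // salt, GCM nonce, GCM tag
		return nil, fmt.Errorf("file too short (%d bytes) to be a recovery-code vault", len(blob))
	}
	salt := blob[:saltLen]
	aead, err := newAEAD(passphrase, salt)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	pt, err := aead.Open(nil, blob[saltLen:saltLen+ns], blob[saltLen+ns:], salt)
	if err != nil {
		return nil, fmt.Errorf("wrong passphrase or file tampered with")
	}
	return strings.Split(string(pt), "\n"), nil
}

func main() {
	pass := os.Getenv("VAULT_PASSPHRASE") // never hard-code the passphrase
	if pass == "" {
		fmt.Fprintln(os.Stderr, "set VAULT_PASSPHRASE to a long, unique passphrase first")
		os.Exit(1)
	}
	codes := []string{"4f2a-9c1b", "7e3d-0a55", "b81c-2f9e"} // constructed sample codes
	blob, err := Encrypt(codes, pass)
	if err == nil {
		err = os.WriteFile("recovery-codes.enc", blob, 0o600) // owner-only permissions
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("wrote recovery-codes.enc (%d bytes); sync that, never the plaintext\n", len(blob))
}
```

Run it as `VAULT_PASSPHRASE='...' go run vault.go`; the resulting recovery-codes.enc is the only thing that should reach a cloud folder, and the passphrase belongs in your head or your password manager, not beside the file. A fresh random salt and nonce per run mean two encryptions of the same codes never produce the same file, and the 600,000-iteration stretch is what makes an offline guessing attack on a stolen file expensive.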

4. Generating New Codes

If you suspect your recovery codes have been compromised, or if you’ve stored them insecurely, generate new ones immediately. On most services, generating a new set invalidates every code in the old set, so destroy or delete the old copies once the new ones are stored.

  1. Find the ‘Generate Recovery Codes’ option: This is usually found in your account security settings (e.g., under 2FA/Two-Factor Authentication), sometimes under the name ‘backup codes’.
  2. Save the new codes securely: Follow the steps outlined above.

5. Example – Generating Backup Codes with Google

The exact process varies by service, but here’s an example for Google, which calls them ‘backup codes’:

  1. Go to your Google Account Security settings.
  2. Select ‘2-Step Verification’.
  3. Under ‘Backup codes’, click ‘Get backup codes’.
  4. Follow the on-screen instructions to generate and download (or print) your codes, then store them as described above. Each Google backup code can be used only once.

6. Regular Review

Periodically review where you’ve stored your recovery codes and ensure they are still secure. Regenerate them when you change password managers, move storage locations, have used up most of the set, or lose a device that might have held a copy.
