How To Find And Store Your Account Recovery Passcodes


Losing (or breaking) your phone is never fun. Yes, there are the complications that come from it being covered in fragile glass, but the issue that will ultimately cause you more grief is this: Your phone is the key to your online identity.

Image credit: Ervins Strauhmanis/Flickr

If you’re using two-factor authentication on your devices, you may rely on the authentication app or SMS texts providing randomly generated access codes used to verify your identity when you log into a different device, or make a purchase.

For added security, you should keep a physical copy of your account’s recovery codes, a set of two-factor authentication codes that can always be used in case you can’t access the time-sensitive codes generated on your phone. Consider it a new document to store next to your birth certificate, one that will keep you in control of your account no matter the state of your devices.

How to Get Backup Codes


Visit your Microsoft Account page and hit the Security tab at the top. From there, you can change your password, add alternative email addresses and phone numbers for account recovery, and keep an eye on your account’s activity. Under those options, you’ll find the link for additional security options, where that good ol’ two-factor authentication information is hiding.

From there, you can set up two-factor authentication, either using SMS (not recommended due to potential security flaws in SMS) or an authentication app (which generates a new set of passcodes every few minutes). Hit “Replace Recovery Code” and save the new code, which automatically replaces whatever old recovery code you had.


When enabling two-factor authentication for your Apple ID account, Apple gives you the option of creating a recovery code. You should take the hint and generate a recovery code, both for security purposes and because losing it could lock you out of your Apple ID account for good. Generating a recovery key on your iOS or macOS device is pretty simple. Here are the instructions, according to Apple:

  1. Go to Settings > [your name] > Password & Security. You might need to enter your Apple ID password.
  2. Tap Recovery Key.
  3. Slide to turn on Recovery Key.
  4. Tap Use Recovery Key and enter your device passcode.
  5. Write down your recovery key and keep it in a safe place.
  6. Confirm your recovery key by entering it on the next screen.

You can also get a recovery code using your Mac:

  1. Go to System Preferences > iCloud > Account Details. You might need to enter your Apple ID password.
  2. Click Security.
  3. In the Recovery Key section, click Turn On.
  4. Click Use Recovery Key.
  5. Write down your recovery key and keep it in a safe place.
  6. Click Continue.
  7. Confirm your recovery key by entering it on the next screen.


Visit your Google Account page, and click Sign In & Security. In the Signing into Google section, select 2-Step Verification. Sign in again, and prepare to see all the ways you can keep prying eyes away from your Google account. Among the options to configure two-factor authentication via SMS or authenticator app, you’ll see “Backup Codes”.

Google presents you with the option to download or print out 10 recovery codes, or generate new ones (which renders your previous recovery codes inert). You can only use each recovery code once, so be sure to cross it out or delete it after you regain access to your account. At least you have nine more.
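Why a used code stops working, and why generating a new set makes the old printout worthless, is easier to see from the service's side. The following is an added example, not code from this article or from any provider: a toy model in which the class name, the 8-digit code format and the salted SHA-256 storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class BackupCodeStore:
    """Toy model of one account's backup codes (hypothetical, not a provider's code)."""

    def __init__(self, count=10):
        self.count = count
        self._salt = b""
        self._unused = set()  # digests of codes that have not been redeemed yet

    def _digest(self, code):
        # Ignore the spaces or dashes people add when typing from a printout.
        normalised = code.replace(" ", "").replace("-", "")
        return hashlib.sha256(self._salt + normalised.encode()).hexdigest()

    def regenerate(self):
        """Issue a fresh set; every code from the previous set stops working."""
        self._salt = secrets.token_bytes(16)
        codes = set()
        while len(codes) < self.count:  # loop guards against a rare duplicate
            codes.add(f"{secrets.randbelow(10**8):08d}")  # 8 digits: assumption
        self._unused = {self._digest(c) for c in codes}
        return sorted(codes)  # shown to the user once; only digests are kept

    def redeem(self, code):
        """Accept a code at most once, then drop it from the unused set."""
        candidate = self._digest(code)
        match = next(
            (d for d in self._unused if hmac.compare_digest(d, candidate)), None
        )
        if match is None:
            return False
        self._unused.discard(match)
        return True

    def remaining(self):
        return len(self._unused)


if __name__ == "__main__":
    store = BackupCodeStore()
    printed = store.regenerate()      # the sheet you print and lock away
    print(store.redeem(printed[0]))   # first use of a code succeeds
    print(store.redeem(printed[0]))   # the same code is now spent
    print(store.remaining())          # nine codes left on the sheet
```

A real service would also rate-limit redemption attempts, since eight digits are guessable without it.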

Print Them Out, Keep Them Safe

There’s a reason you should have a hard copy of your two-factor passcode, whether printed out or written yourself. It’s a last resort option for getting back into your account, and losing it when you need it could spell permanent doom for whatever service you’re trying to access.

In terms of storage, you should take extra care when storing your recovery codes. Folders are for beginners. If you’re trying to keep your recovery passcodes safe, you should put them in a secure location. I’m talking “lockbox containing your extra passport, birth certificate, and some Krugerrands for good measure” secure. Or at least under your mattress.

Also, Store Them Digitally

In addition to printing out a sheet of two-factor codes, you should store them digitally (though it shouldn’t be your only method of recovery code access). Just stick them in a text file, throw it onto an encrypted flash drive (here’s how), and stick it with the rest of your sensitive information (or, if you’re me, open your PC’s case and place the drive inside).

Put Them In a Password Manager

Even if you don’t have your phone with you, or are away from your physical recovery codes, you should still ensure you can access them wherever you are. If you use a password manager to handle your login credentials and personal information, you have all the resources you need to store the recovery codes and get them on any device, including the web.

Password managers such as 1Password and LastPass have web interfaces should you need to access your information from a new computer (or your replacement smartphone). Include the recovery codes with the rest of your account information, or put your set of recovery codes in a new document stored in your password manager. While your password manager might be more accessible and convenient, you should always have a physical copy of your access codes available in a secure spot as well, so don’t skip the steps above.


  • Except I have my password manager (LastPass) set up to use 2-factor. So if I’m trying to log into the web version to recover my one-time codes (because my phone is lost), I will need a one-time code to log into LastPass?
