Store your account recovery codes safely
Print or securely save the recovery codes for your most important accounts — particularly those protected by an authenticator app. Recovery codes are the only way back in if you lose access to your authenticator.
Why this matters
Recovery codes are the only way back into an account protected by an authenticator app if your phone is lost, stolen, or broken. Without them, you may be permanently locked out of your most important accounts. Most people download recovery codes during setup and then cannot find them when needed.
How to do it
- For each account where you have set up an authenticator app, locate the recovery codes — these are usually found in Security → Two-step verification → Recovery codes.
- Download or view the codes and save them in two places: a printed copy stored somewhere physically safe such as a filing cabinet, and a secure digital copy in your password manager or encrypted notes app.
- Do not store recovery codes in the same place as your regular passwords — they need to be accessible even if you lose access to your password manager.
- Label each set of recovery codes clearly with the account they belong to and the date they were generated.
- After using a recovery code to regain access to an account, generate a new set immediately — each code can only be used once.
Cyber Essentials framework
This task falls under the User Accesscontrol — one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment.
Track your full security score — free
Create a free account to check off tasks, see your Security Score, and build toward Cyber Essentials alignment.
Start your free security check