Skip to content

Saving and using backup codes Guide

Save, check, regenerate, and use your one-time backup codes so two-factor authentication can never lock you out.

Last updated July 16, 2026

On this page

Backup codes are one-time recovery codes that let you sign in if you ever lose access to your usual two-factor method — your authenticator app, your phone, or your email. Keeping them saved means two-factor authentication can protect your account without ever locking you out of it.

What backup codes are for

When two-factor authentication is turned on, you complete a second step every time you sign in. If the device or inbox you rely on for that step is unavailable — a lost phone, a wiped authenticator app, an email address you temporarily can't reach — a backup code takes its place.

Each code works only once. As soon as you use one, it's spent, and the rest of your saved codes stay valid until you use or regenerate them.

Tip: Treat backup codes like a spare key. Store them somewhere separate from your phone and password — a password manager or an encrypted note is ideal — so a single lost device never leaves you without a way in.

Save your codes when you turn on two-factor

You'll be shown a set of backup codes at the moment you first enable two-factor authentication. This is the best time to save them.

  1. Turn on your first two-factor method under Settings > Security.
  2. When your backup codes appear, copy them or download the provided .txt file.
  3. Move them to a safe, private place — a password manager, an encrypted note, or another location only you can reach.

Save the whole set, not just one code. Because each code is single-use, having the full list means you're covered for more than one emergency.

Check how many codes you have left

You can see how many unused codes remain at any time.

  1. Open Settings > Security.
  2. Find the backup codes area to view the count of codes you haven't used yet.

If the number is getting low, generate a fresh set so you always have several in reserve.

Regenerate a fresh set

Regenerating is the right move if you've used several codes, think your saved list may have been seen by someone else, or simply want a clean set to store.

  1. Go to Settings > Security.
  2. Choose the option to regenerate your backup codes.
  3. Save the new set right away using the steps above.
Important: Generating a new set immediately invalidates every earlier code. Any list you saved before will stop working, so replace your stored copy with the new one and delete the old codes.

Use a backup code to sign in

When you can't complete your normal second step, a backup code gets you in.

  1. Sign in with your email and password as usual.
  2. At the verification screen, choose the option to use a backup code instead of your usual method.
  3. Enter one of your unused codes.

That code is now spent. Cross it off your saved list so you don't try it again.

After you've used a code

If you had to use a backup code because you lost access to your authenticator or phone, take a moment to set things right once you're back in:

  • Re-enroll or update your two-factor method under Settings > Security so your everyday sign-in works again.
  • If your remaining codes are running low, regenerate a fresh set and save it.

Keep your codes safe

  • Store them apart from your phone. Backup codes only help in an emergency if they're somewhere you can still reach when your primary device is gone.
  • Keep them private. Anyone with a valid code and your password could complete a sign-in, so store them the same way you'd store a password.
  • Refresh them if they're exposed. If you suspect your list has been seen, regenerate a new set right away — the old codes stop working the moment you do.
Was this page helpful?