You are probably aware of 2-Step Verification (2SV) where to log in to a particular service, like your google account, a username and password are not enough. You are also required to input an OTP (One Time Password) sent to you via email or text. Have you ever wondered how you would log in if you had no access to that email address or phone number? You would be pretty much stranded and locked out of your account. This is where verification backup codes come in.
These codes can also come in very handy when you are traveling. Google and several other websites provide you with verification backup codes that you can use to log in as a last resort. These are access codes that you can only use one time each in case you lose access to your OTP delivery media. Once you use one code, it is done for good and cannot be used again. Many people will print these verification backup codes and store them in a hard copy.
Google allows you to deactivate these codes by deleting them. More importantly so if you misplace them or suspect that they may be compromised. You can also replace the codes with new codes when you need to, such as when you are almost depleting the old ones. It is as simple as refreshing a webpage. As soon as you refresh the old unused codes expire and you get a set of 10 new codes.
- How to Increase your Online Security by Enabling Two-Step Verification
- How to sign in to a 2FA-enabled Google account when you lose your phone
Do These Codes have Drawbacks?
A key downside of these verification backup codes is that they are not very safe and secure. They are as secure as a password that you write down on a piece of paper and hide. It is fairly easy for someone to gain access to them and make a copy that they can use to break into your account. Of course that someone will have to be someone close to you and they also need to know your password. Quite improbable but not impossible, things do happen.
These verification backup codes are also not very convenient. This is because you need to either memorize the 8-digit codes, which is not easy or carry them with you at all times. Again it is very possible that you can have the piece of paper you printed them on destroyed, lost, or misplaced. If you don’t care about those drawbacks and want to get them for all the platforms you have access to, I have bad news for you. Even though Google has implemented them, only a limited number of other services use them. They surely have their perks but do not lack drawbacks as well.
How To Setup and Get Google’s 2-Step Verification Backup Codes
You can set up your Google 2-step verification backup codes fairly similarly on Android as it is on iOS as well as on a PC browser. The only difference is that on iOS you need to open the Gmail App and then open Settings to access the Manage Your Google Account menu. Below are the steps to follow on any platform.
- Open your Google Account
- Click on Manage Your Google account
- Select the Security tab
- Scroll down and click on 2-Step Verification
- You will be prompted to input your password
- After entering the password, scroll down again and click on Backup Codes
- Input your password again as prompted
- You are now on the backup codes page, click Get Backup Codes
- The system will now generate 10 backup codes
- You can choose to either “Print Codes” or “Download codes“
- Print codes will allow you to save it as a PDF or send it to a printer
- Download codes will generate a .txt file that you can save
- Have a look at the slideshow below for additional guidance.
- How to Set Up 2-Step Verification on Your Google Account
- What is Two-Factor Authentication and why should you use it
How To Securely Store Your 2SV Backup Codes
As we have already highlighted, these backup codes are not very secure and their security depends on how far you keep them from prying eyes. Someone can steal them and gain access to your account if they know the password, hence they should be stored securely. Perhaps the old-school low-tech means to store these backup codes is by simply printing them. Then hiding them at a location in your house not accessible to many.
If you apply these 2SV solutions to streamline access of teams to shared accounts, consider using a password manager to store the codes as file attachments or codes. Also, you have to make sure the password manager is secure by ensuring recovery codes for the password manager are secure as well. This can be a single and simple password that you can keep in your mind. If it is too complicated to keep in mind, you can print it out and hide it far from your devices.
If this is not done properly your accounts can become compromised. An example is when an employee prints the codes and forgets them on the printer and another employee without access comes across the print out.
We would like to hear your opinion about these verification backup codes. Do you think the benefits outweigh the risks? Would you be willing to set them up for your Goggle account? Kindly share your thoughts with us via the comments section below.
- How to secure your WhatsApp with two-step verification
- How to Enable Two-Factor Authentication on Your Social Media Accounts