Signing in to a service

Recovery codes

A list of randomly generated alpha-numeric codes.

Description

This allows a person to regain access to their data with single-use codes. Codes are downloaded and stored in a safe place, in case the user loses other authenticate factors such as text-messages, objects or the authenticator app.

Advantages

  • Allows access to data when other factors are lost or unavailable
  • Can be stored on local devices or in physical security

Limitations

  • If lost, access to data is potentially lost permanently
  • If found, it can lead to unauthorised access to data

Examples

  • Most services that use multi factor authentication create recovery codes for use when the other factor is unavailable. For example, Github or Lastpass.