Two-factor authentication secures your accounts with an additional authentication method, often a time-limited code generated by a mobile app. But what happens if you lose or reset your phone and can’t generate the codes?
Each service offering two-factor authentication works differently and has different recovery procedures, but they all share some things in common. Follow these steps to ensure you don’t end up locked out of your accounts.
Print and Secure Your Backup Codes
Many companies, from Google to Blizzard, offer backup codes that you can use if you ever lose your two-factor authentication device or don’t have it with you. For example, Google prompts you to print out backup codes when you enable two-factor authentication. You should print these out and keep them some place secure.
For a Google account, these codes often only work once each, ensuring that people who may intercept the codes can’t log into your account. If you run out of codes, be sure to generate some more. You can print backup codes using your Google account’s two-factor authentication page.
Check Your Linked Cell Phone Number
Many services allow you to provide a cell phone number that you can use as a two-factor authentication method or to recover your account if you ever lose your two-factor authentication device. They’ll often send you a text message and you can use the contents of that text message to override the two-factor authentication and get back into your account.
Check the phone number you have linked to your accounts and ensure it’s up to date. If you get a new phone number, be sure to update it with the services you use so you won’t get locked out of your accounts.
Ensure You Have a Linked Email Address
Many services, including LastPass, also allow you to remove two-factor authentication via a confirmation link emailed to your linked email address. Ensure your backup email is up-to-date and remains open. If the service is linked to your main email account, this will be simple — but if the service is your main email account, you’ll want to have a separate backup email account for it — just in case.
You should log into this email address regularly, as companies like Microsoft, Google, and Yahoo! reserve the right to delete email accounts that aren’t logged into on a regular basis. You wouldn’t want to find that your email address was incorrect or no longer exists if you need it to recover your account.
Check Your Personal Information
Ensure any personal information you’ve provided to the service is correct. This includes answers to security questions as well as your birthday and other personally identifiable information. You may be asked to confirm this information if you ever need to recover your account — you wouldn’t want to be locked out of your account because you provided them with a random, incorrect birthday and you can’t remember the date you said.
Back Up Your Two-Factor Data
For a higher-tech solution, you could try backing up your two-factor authentication data. For example, when you enable Google Authenticator, you’ll see a code that you need to enter into your Google Authenticator app. This secret code is only supposed to be entered once, but you could write it down and store it in a safe place. If you ever lost your two-factor authentication data, you could then enter the secret code into a Google Authenticator app and you’d see the time-limited login codes you needed. The same applies to other services that provide you with a code you can enter into Google Authenticator or a compatible authentication app.
This isn’t ideal for security, as anyone who gains access to the code would have access to your two-factor authentication codes. However, if you were to write it down and put it some place safe where people can’t get at it — like in a physical safe — this can be a useful backup method.
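The following is an added example, not part of the original article. It shows why the written-down secret code is a complete backup, and why it needs a safe: the login codes are computed from that secret and the clock alone (RFC 6238 TOTP). It assumes the common defaults of HMAC-SHA1, a 30-second step and 6 digits; the function names and the sample secret (the published RFC test key, not a real account) are chosen for illustration.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample: the RFC 6238 test key in base32, typed the way it
# might appear on a paper backup (lowercase, grouped with spaces).
SAMPLE_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

def decode_secret(secret_b32):
    """Decode a setup key, tolerating spaces, dashes, lowercase and missing padding."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)  # raises binascii.Error on a mistyped key

def totp(secret_b32, at=None, step=30, digits=6):
    """Return the time-limited code for the given secret at Unix time `at`."""
    key = decode_secret(secret_b32)
    counter = int(time.time() if at is None else at) // step
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def backup_matches_phone(secret_b32, code_on_phone, at=None, step=30, window=1):
    """Check a written-down secret against the code the phone shows right now.

    Accepts codes from `window` steps either side to allow for clock drift.
    """
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * step, step), code_on_phone)
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    # Anyone holding the secret gets the same code as the enrolled phone.
    print("current code:", totp(SAMPLE_SECRET))
    print("code at t=59:", totp(SAMPLE_SECRET, at=59))
```

Running `backup_matches_phone` with the code your phone currently displays confirms that the paper copy was written down correctly before you ever need it.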
If you’re using Android, you can even create a backup copy of your Google Authenticator app’s data using something like Titanium Backup and restore it on another phone.
Two-factor authentication can offer peace of mind, but it should be handled carefully. If you use two-factor authentication for any service, be sure you have a backup plan if you can’t access your codes. If you fail to print out authentication codes, you let your backup email lapse, and your phone is stolen so you can’t access your codes or get a recovery code via text message — well, you could be in trouble.