Backup codes are your safety net for multi-factor authentication. They let you access your account when you can't use your primary MFA method.
What Are Backup Codes?
Backup codes are:
- One-time use recovery codes
- Generated when you enable MFA
- Valid until used or regenerated
- Your last resort for account access
Treat backup codes like a master password: anyone who obtains them can bypass your MFA.
Generating Backup Codes
Backup codes are automatically generated when you enable MFA. To view or regenerate them:
Go to Security Settings
Navigate to Settings → Security.
Find Backup Codes Section
Scroll to Backup Codes under your MFA settings.
View Codes
Click View Backup Codes and verify your identity with your current MFA method.
Download or Copy
- Click Download to save as a text file
- Click Copy to copy all codes
- Write them down manually
Understanding Your Codes
You receive 10 backup codes that look like:
abcd-efgh-ijkl
mnop-qrst-uvwx
1234-5678-9012
...
Code Properties
| Property | Value |
|---|---|
| Total codes | 10 |
| Format | 12 alphanumeric characters |
| Case sensitivity | Not case sensitive |
| Uses per code | One time only |
| Expiration | Never (until regenerated) |
Using a Backup Code
When you can't use your normal MFA:
Start Login
Enter your email and password as usual.
Select Backup Code
On the MFA prompt, click Use a backup code or Can't access your authenticator?
Enter Code
Type one of your backup codes (with or without dashes).
Log In
You'll be logged into your account.
Restore MFA Access
Immediately set up a new MFA method or recover your existing one.
Each backup code can only be used once. After use, it becomes invalid.
Storing Backup Codes Safely
Recommended Storage Methods
Password Manager (Most Recommended)
- Store in 1Password, Bitwarden, or similar
- Encrypted and accessible
- Separate from your Zenovay password entry
Encrypted File
- Create an encrypted ZIP or use VeraCrypt
- Store on multiple devices
- Remember the encryption password
Physical Storage
- Print and store in a safe
- Write them down and keep them in a secure location
- Consider a safe deposit box for extra security
Multiple Locations
- Keep copies in 2-3 secure places
- Don't store all copies together
- Update all copies when regenerating
What NOT to Do
- Don't store in plain text on your computer
- Don't email codes to yourself
- Don't save in cloud storage unencrypted
- Don't share with anyone
- Don't store with your password
Regenerating Backup Codes
Regenerate codes if:
- You've used most of your codes
- You suspect they may be compromised
- You want fresh codes as a precaution
Go to Security Settings
Navigate to Settings → Security.
Click Regenerate
Click Regenerate Backup Codes.
Verify Identity
Confirm with your current MFA method.
Save New Codes
Download or copy your new codes immediately.
Update Storage
Replace old codes in all storage locations.
Regenerating codes invalidates ALL previous codes. Any old codes will no longer work.
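The behaviour described so far (12 alphanumeric characters, dashes and case ignored, one use per code, regeneration invalidating every earlier code) can be sketched as follows. This is an added example, not Zenovay's implementation; the `BackupCodeStore` class, the lowercase-plus-digits alphabet and the per-account MAC key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: the page says only "alphanumeric"; lowercase letters + digits used here.
ALPHABET = string.ascii_lowercase + string.digits
CODE_COUNT, CODE_LENGTH, GROUP = 10, 12, 4


def normalize(code):
    """Drop dashes/whitespace and lowercase: 'ABCD-efgh-ijkl' -> 'abcdefghijkl'."""
    return "".join(ch for ch in code if ch not in "- \t\r\n").lower()


class BackupCodeStore:
    """Hypothetical in-memory stand-in for one account's backup-code records."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # per-account MAC key (assumption)
        self._unused = set()                  # digests only, never plaintext codes

    def _digest(self, code):
        return hmac.new(self._key, normalize(code).encode(), hashlib.sha256).hexdigest()

    def regenerate(self):
        """Issue 10 fresh codes; replacing the set invalidates all earlier codes."""
        raw = set()
        while len(raw) < CODE_COUNT:          # set guarantees 10 distinct codes
            raw.add("".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH)))
        self._unused = {self._digest(c) for c in raw}
        return ["-".join(c[i:i + GROUP] for i in range(0, CODE_LENGTH, GROUP))
                for c in sorted(raw)]

    def redeem(self, submitted):
        """Return True once per valid code; the matching digest is then consumed."""
        candidate = self._digest(submitted)
        match = None
        for stored in self._unused:           # constant-time comparison per entry
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused.discard(match)
        return True

    def remaining(self):
        return len(self._unused)
```

Because only keyed digests are kept, a leaked copy of the stored records does not reveal usable codes, which is why the plaintext list is shown once at generation time and must be saved by the user.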
Checking Code Status
To see how many codes you have left:
- Go to Settings → Security
- Look at the Backup Codes section
- It shows "X of 10 codes remaining"
When You're Running Low
If you have 3 or fewer codes remaining:
- Regenerate new codes immediately
- Update all your stored copies
- Review why you've used so many
- Ensure your primary MFA is working
Emergency Situations
Lost All Backup Codes and MFA
If you've lost everything:
- Contact support at support@zenovay.com
- Be prepared for identity verification
- Recovery may take several days
Backup Codes Not Working
If a code doesn't work:
- Check you're entering the full code
- Try without dashes
- Ensure it hasn't been used before
- Try a different code
- Contact support if all codes fail
Best Practices
Regular Maintenance
- Check code count quarterly
- Verify codes are accessible annually
- Regenerate if any storage location was compromised
Security Measures
- Never share codes with anyone, including "support"
- Zenovay will never ask for your backup codes
- Treat them as being as sensitive as your password
- Destroy printed codes securely when regenerating
Organization
- Label clearly (but discreetly) what the codes are for
- Include the date generated
- Note how many should remain unused
Backup Codes vs Other Recovery
| Method | When to Use | Security |
|---|---|---|
| Backup Codes | Lost MFA device | High (if stored securely) |
| Account Recovery | All MFA lost | Medium (requires verification) |
| Support Contact | Last resort | Low (time-consuming) |
FAQ
How many codes should I keep unused?
Keep at least 5 codes unused at all times. Regenerate when you reach 5 or fewer.
Can I get more than 10 codes?
No, each generation provides exactly 10 codes. Regenerate for a fresh set of 10.
Do codes expire?
Codes never expire unless you regenerate them. However, regenerating invalidates all existing codes.
Can I use the same code twice?
No, each code works exactly once. Attempted reuse will fail.
What if someone finds my codes?
They could bypass your MFA. Regenerate immediately and update your password.