Where should you store redemption codes?

Tero Vesalainen / Shutterstock.com

You have taken steps to secure your digital services by enabling two-factor authentication. But what do you do with the recovery codes the service gave you for access if the usual authentication method is not available?

You need to keep your recovery codes safe, but most importantly, keep them in a place where you can access them when you need them.

What are redemption codes, and why do I need them?

Recovery codes are fail-safe, a way to bypass additional security measures placed on a digital account or service. They are randomly generated, for single use, and usually consist of at least 16 digits.

You are often given one code, but you may also receive several, for example when setting up two-factor authentication (2FA) on a Google account. If you get multiple codes, any of them can be used to authenticate your login.

2FA Redemption Codes for Google Account

Two-factor authentication requires a second method to authenticate access, often on a separate device. If this device is lost, stolen, or malfunctions, you may lose access to the account forever. Redemption codes are an authentication backup, used when the second factor is not available in 2FA.

In the case of a zero-knowledge service, such as cloud storage, a recovery code or key is similarly used. The recovery code or key is digitally associated with the password. If you forgot your password, the recovery key proves that you are authorized to access the account. It is crucial to keep this type of recovery code in a safe place as it is used in place of your password, not next to it.

2FA enabled, where is my redemption code?

When you set up two-factor authentication (2FA) on your accounts, there is usually a clear prompt to generate and download your recovery code. If you miss, or download a code and don’t know where it is, you can usually create a new one from within the account.

Sign in to your account using the two-factor authentication method you set up. The recovery code can usually be found in the Security section of your account settings. You may find your current recovery code here, or instructions for creating a new one. When creating a new code, any previously downloaded codes will be invalid. Make sure to keep it in a safe place!

Option 1: Print your recovery codes

For most people, storing recovery codes on paper is one of the safest ways. No one can hack or access the paper remotely. You may lose a piece of paper, but you can easily print several copies, keep one at home, one in your wallet or purse, etc.

As long as you don’t store the codes along with your other login details, there isn’t much anyone can do with them even if they see the hard copy. It’s not a very technologically advanced method, but sometimes the old ways are the best.

Option 2: Store recovery codes in the cloud

Another good option is to store recovery codes in a cloud storage vault, as long as it also doesn’t use two-factor authentication. If so, you are moving the problem a step back.

Keeping your recovery codes in a cloud storage vault means that you can access them anywhere, as long as you have some means to get online. You can use a cloud storage service that you already have an account with or take advantage of the free account offered by almost every cloud storage provider.

When you download recovery codes as a text file or PDF file, you are usually given a random file name. If you think you might forget the purpose of the file and the icons, you can call it something memorable. Just don’t call the file “LastPass 2FA Recovery Codes” or anything obvious.

As with most of the other methods we discuss, it’s best to store your redemption codes on their own and not in the same place as your other login details. If you follow this rule, hiding the file behind a dummy file name becomes less important.

Option 3: Keep the recovery codes on a USB flash drive

Keeping recovery codes on a USB flash drive has many advantages. No one can hack it to steal the codes, it does not depend on an internet connection to access it, and it is easy to carry.

Most mini USB drives have a slot or loop so that they can be attached to the keyring. And since you are not likely to leave your keys in unsecured places, your USB and your recovery codes will be safe.

A USB flash drive connected to a laptop computer and attached to a keyring with a physical key.
Omurali Toichiev / Shutterstock.com

If you choose to use this option, it is best to use a high-quality USB flash drive. Ideally, choose one with a metal chassis to reduce the risk of the drive getting broken or lost.

You can also protect a USB drive with a password, or even encrypt it with BitLocker or another encryption tool. But this requires you to remember another password.

Where you should never store recovery codes

2FA recovery codes are not as sensitive as passwords, at least not on their own. But there are still a few places that you should never keep.

Inside a 2FA Protected Account or Service

Do not keep password manager recovery codes inside the password manager. If you have two-factor authentication enabled on your Google account, do not store recovery codes in Google Drive. These may seem obvious, but when you get used to using one place to store all your sensitive data, it is easy to make this kind of mistake.

on your computer desktop

Many of us rely on browser password autofill tools these days. If your computer is accessed by someone with bad faith, they may not even need to know your password. Your computer can enter them for them, and when you combine them with recovery codes, you can access your 2FA protected accounts.

On a sticker paper stuck to the screen

Like the reasons above, if you have your recovery codes in a sticky note and someone actually gets access to your computer, the recovery codes are right there. If they can figure out the accompanying password, you’ll have a problem. But, you might say, storing recovery codes on paper is the first option in this guide. It is, and it’s okay to keep the codes on paper, as long as the paper is kept in a private and secure place, away from your device.

Store your redemption codes safely

2FA recovery codes are important, and you should keep them safe, but most importantly keep them close at hand.

Using a combination of the methods explored here will mean that your redemption codes are safe and available when you need them. Choose the methods that work best for you, and take advantage of whatever tools are already available.

For example, if you already have cloud storage, or you always carry a USB drive on your keys, keep your codes there. Then also print it as a backup.

Here are some final thoughts and tips to keep in mind when storing a redemption code:

  • Never store redemption codes with other account login information. This includes your username, password, or account name.
  • Splitting the recovery code into two parts can improve security when storing it. Someone who finds the pieces of code cannot use them without realizing the need to join them. And even then, they need to know the order in which the parts are inserted.
  • For the most important two-factor authentication (2FA) protected services, such as a password manager that keeps all your account login details, update or update your recovery codes regularly.
  • But remember, if you update your codes, or if you have to use a one-time use redemption code, don’t forget to replace the stored code with the new one.

Related: 8 Cyber ​​Security Tips for Staying Protected in 2022

Leave a Reply

%d bloggers like this: