Since past few years, profile highjacking cases are on the rise. Using only the traditional password to lock down your Google account is like shining a beacon for potential data and identity theft. Recently, several YouTube accounts were compromised. The hackers managed to steal their data because the owners used traditional passwords, instead of using the standard two-factor authentication.
For the uninitiated, this is a simple step where you introduce a second level of security. It can either be in the form of SMS verification or a call verification. So if someone tries to access your account, the final key to your account control stays in your hands instead of them.
When it comes to Google's two-factor authentication, it offers two default ways: a prompt on your secondary device and via SMS. When you want to log into your account, enter the password, and wait for the prompt. Tap on it and voila!
However, it may not work out as you expect it every time. For instance, if you have no access to the SMS or calls, then you might not be able to login to your account. Or worse, if your primary device is stolen.
In such circumstances, Google's Backup codes can act as the real backup to save the day.
What Are Google 2FA Backup Codes
Google 2FA backup codes are a string of numbers that are used to authenticate your account when you can't access your verification codes. Google generates a total of 10 codes at a time, and wants you to store them at a secure location, which you can visit as per your convenience.
You can also generate a second batch of numbers if you feel there is something fishy with the first batch.
Also on Guiding Tech
How to Setup Google 2FA Backup Codes
Step 1: Sign in using your primary Google account and go to Google 2-Step Verification.
Once in, tap on the Get Started button. If you’ve set 2FA already, then you'll see the date at the top.
Apart from that, you'll also see the other 2FA methods that already exist for your account. In my case, I had enabled Google Prompt and SMS verification earlier.
Step 3: Next, scroll down until you see the option for Backup codes. Tap on Set up, and you'll be welcomed with a bunch of random digits.
Step 4: Now, all you need to do is tap on the Download button, and the said numbers will download in a text file to the Downloads folder of your PC.
To generate a new batch of numbers, tap on the Get New Codes button and a new set of numbers will greet you.
Pro Tip: Backup Codes always download with a file name such as Backup-codes-[username].txt. Just to be on the safer side, it's a wise idea to change the name of the file. For the paranoid ones out there, you can always zip the file using the 256-bit encryption.
How to Use Google 2FA Without Phone
Step 1: Next time you find yourself in a situation where you can't use the default Google Prompt or the SMS verification method, don't panic. Just login to your account and click on the Try another way button.
Step 2: You'll see all the activated methods listed on the login page. As you may have already guessed, you'll need to click on 8-digit backup codes option.
Enter one of the codes from the list that you downloaded earlier, and that's all. If the code is correct, you'll be able to login to the account quickly.
Once a code is used, Google 2FA will strike out the code. However, these codes are your passwords, and you must ensure that you store these codes as you'd protect your passwords.
How to Backup Google 2FA Codes
1. Google Keep
If your phone lets you lock your apps with fingerprint, you can keep all the codes locked away in a Keep file. And to take it a notch higher, assign a checkbox to each entry so that you can check off the used codes easily.
Again, you should use this only when the app in question can be locked (and opened only by you).
2. Password Manager: DashLane
Password managers like Dashlane come with a secure vault where you can store keys, passwords, and codes securely. Going by the name of Secure Notes, this feature stores these keys and codes as it stores your passwords.
To access Secure Notes, open the web app, open the left menu, and tap on the Secure Notes option. That's all.
At the same time, make sure you guard the password manager with a strong password.
3. Write Them Down
I know, you shouldn't write down passwords. But at times, electronics can fail, and you may not have access to your password manager or your to-do app.
And that’s when a physical copy comes to your rescue. Make sure that you store it in a proper location.
Also on Guiding Tech
Data Is the New Currency
Lately, the phrase has grown popular - data is the new currency. Hence, it's of utmost importance that you protect it with a second layer of security, which means two-factor authentication. At the same time, you must also ensure that you are not in the dark when the 2FA fails. In moments like those, backup codes shall come to your rescue.
Next up: Looking to bump up your account security? Read the following post to find out some of the best 2FA apps out there.