Two Factor Authentication ( 2FA ) has taken a beat recently as being a less than ideal security meter. partially of the problem is that some 2FA codes are sent via SMS, which can be intercepted .
In some cases ( such as many trust institutions ), the 2FA arrangement doesn ’ triiodothyronine give up interaction with apps like Authy or the Google Authenticator. alternatively, they insist on sending you 2FA codes via SMS. For the more security-minded, this international relations and security network ’ t actually an option. In fact, for some people evening using the mobile apps international relations and security network ’ t the greatest estimate. specially when you ’ re dealing with an history associated with your clientele .
fortunately, some services offer 2FA backup codes that can be used as an analogue option. Google is one such service. When you set up 2FA for Google you are given the choice to print out seven backup codes that can be used in the case of an emergency. Those codes work and, when you run out, you can always generate more.
You can already see where I ’ megabyte going with this .
SEE: Password Management Policy (Tech Pro Research)
In some instances, I have Google set my browser as safe, so I don ’ t have to enter a 2FA code every time I log in. It ’ s only when I ’ thousand aside from my office or setting up a new machine that I need a code. If I ’ megabyte feeling preferably paranoid, I ’ ll function one of those 2FA emergency codes. When I run out, I generate more. It ’ mho that simple .
But how to do it ? Simple. Let ’ s find out .
How to retrieve those codes
If you didn ’ metric ton print out those codes, upon setting up 2FA, the first thing you ’ ll indigence to do is retrieve them. To do that, you must log into your Google score, and then go to the Google 2FA web site, where you ’ ll be prompted to log in once again. Upon successful authentication, you ’ ll see an entrance for Backup codes. Click the SHOW CODES release ( Figure A ) .
A pop fly will appear, listing your 2FA hand brake codes. You can then download them ( as a .txt file ) or print them immediately. The list will besides show you only those codes you have not used ( as the rest will be listed as ALREADY USED ). Handy .
Word of caution
For those that opt to download the .txt file, I suggest you do indeed, and then encrypt that file. Don ’ thyroxine leave it hanging around, unprotected, on your local drive for prying eyes to sneak a peek. besides, included in that file is your Gmail cover associated with the report. I highly recommend you delete that occupation in the file ( on the off-chance person does stumble upon the file and manages to open it ). The last thing you want is to make it easy for a bad actor to put two-and-two together and realize those codes are associated with that address. There is besides a line that looks like this :
Need more? Visit https://g.co/2sv
I recommend deleting that cable, as it could give away the secret to what those codes are for. Once you ’ ve deleted those lines, spare and close the file. Encrypt it, and your codes are less likely to be seen by prying eyes .
How to generate new codes
surprise ! In that same pop-up book, you ’ ll see a release labeled GET NEW CODES ( Figure B ). Click that clitoris and seven new codes will generate.
here ’ s a tip. only consumption six of those codes, and consider the seventh your key to get more codes. This is particularly true if you opt to not use a mobile app for Google 2FA. You don ’ thyroxine want to find yourself without that one last identify, so you can log in and generate more .
Not a perfect solution
2FA is not a perfective solution. But if you can avoid using sites and services that send 2FA codes via SMS ( and if those sites in question would start supporting mobile 2FA apps ), you ’ ll be less likely to have your codes stolen and used against you. even so, you might consider entirely using these Google codes for 2FA authentication. Use them wisely and understand, when it comes to security, nothing is ever 100 % .