When you use two-factor authentication (2FA) on your WordPress website, you need the username, password, and a one-time code to login.
The one-time code can be generated by an app, sent to you over email, or generated by a third party specialized device. However, how can you still login if you not have access to the 2FA app, or the mailbox where the 2FA code was sent? Is there a fail safe backup plan?
Yes, there is. You can login with backup codes. In this article we explain what backup codes are, how you can generate them, and how you can login with them.
What are backup codes?
Backup codes are a number of one-time codes you can generate specifically for your WordPress user when you have 2FA enabled. You need the backup codes in case you want to login to your WordPress website and cannot access the primary one-time code generator.
How do you get the 2FA backup codes?
If you are using WP 2FA as your WordPress two-factor authentication plugin, when you setup 2FA for your WordPress user the wizard gives you the option to generate ten backup codes.
If you did not generate them through the wizard, you can still generate them from your user profile page. Click the button Generate backup codes in the WP 2FA settings section, at the bottom of your user profile page.
When the backup codes are generated, download the text file and save it in a secure location. You can also print the codes.
How do you use the backup codes?
To login to your WordPress website you need the username, password and the one-time code. If you cannot generate the one-time code via the normal primary means, click on use a backup code when asked for the two-factor authentication code. The link is highlighted in the below screenshot.Enter one of your backup codes and you will login to your WordPress website.
How many backup codes can you have, or have left?
Backup codes are also one-time codes. So once a code is used, it cannot be used again. By default the plugin creates ten backup codes for every user. You can see how many backup codes you have left under the WP 2FA settings section in your profile page.
Do not wait until you have just one backup code left. Don’t risk getting locked out. Create ten new backup codes whenever you have less than two unused backup codes left.
Get started with 2FA on your WordPress website
Have you enabled two-factor authentication (2FA) on your WordPress website? If not, now is the right time to try! Use WP 2FA, a free WordPress two-factor authentication plugin. WP 2FA is very easy to use and allows you to configure 2FA policies to make 2FA mandatory.
Source: Security Feed