MFA Backup Codes 

Services will offer backup codes which you can print off and store in a secure location like a fire-proof safe for emergencies. 

These are to be used in the event that the normal MFA method doesn’t work.  Some MFA apps don’t transfer over to a new phone automatically and would need to be set up afresh. If you normally get a code via SMS, the backup code could be used if the mobile network signal is down. 

These codes are normally one time use. When you are low on backup codes, it is recommended to generate new ones. 

Additional Organisation Considerations 

  • Increase workload for IT helpdesks having to support when users lose MFA devices or lost backup codes 
  • Should factor in how administrators can gain access to systems in the event of MFA not being available. This could be an emergency “break glass” admin account that only uses single authentication factor.