I used some backup codes — do I need new ones?

Each code works once, so used ones are spent. When you're running low, regenerate a fresh set in the account's security settings and save them; regenerating invalidates the old list.

Two-Factor Authentication

What are 2FA backup codes and how do I save them?

By Bridget · Updated May 2026 · Reviewed by Locket Security Team

★

★ the short answer

2FA backup codes are one-time-use codes that log you in when you can't get your normal second factor — for example, if you lose your phone. Most platforms give you a set when you enable 2FA. Save them in your password manager or print them; never store them only on the same phone that runs your authenticator.

What exactly are 2FA backup codes?

Backup codes are a short list of single-use codes a service generates when you turn on two-factor authentication. Each one can replace your usual 2FA prompt once. They exist so a lost, stolen, or wiped phone doesn't lock you out of your own account permanently.

Where do I find my backup codes?

They're shown during 2FA setup and can be regenerated later in the same security settings — for example, Google's 2-Step Verification page or Instagram's two-factor authentication screen. If you didn't save them, regenerate a fresh set, which invalidates the old ones, and store them immediately.

What's the safest way to store backup codes?

Save them in your password manager's secure notes, print them and keep them somewhere private, or store them in an encrypted file. The key rule: don't keep them only on the same device that holds your authenticator app — if that phone is lost, you lose both at once.

Frequently asked

: Each code works once, so used ones are spent. When you're running low, regenerate a fresh set in the account's security settings and save them; regenerating invalidates the old list.

Want a human in your corner?

Locket Security helps creators recover, lock down, and protect every account they monetize — without the enterprise jargon.

See how Locket helps ★

Account Recovery

What if I lost access to my 2FA codes?

Losing your authenticator device feels like being locked out for good — but backup codes and recovery flows usually get you back in. Here's the order to try them.

Medium priorityRead guide →

Password Security

What's the best password manager for creators?

A password manager is the foundation of creator security — it makes unique passwords effortless and lets you share logins with a team without handing over the keys.

Low priorityRead guide →

Two-Factor Authentication★ Start here

How do I turn on 2FA for Instagram?

Two-factor authentication is the single biggest thing standing between a creator and an account takeover. Here's the exact path to switch it on the right way.