Recovery codes

You can use recovery codes as an emergency fallback option, in addition to other authentication methods.

Recovery codes overview

Your users can register for a set of sixteen-digit alphanumeric codes that they can use to recover their accounts or sign transactions in emergency scenarios. Users have to save or write down these codes and keep them safe, separate from their other authenticators. The codes are to be used only if users lose their authenticator devices. We do not recommend the use of recovery codes as a primary authentication method.

We recommend recovery codes as an authentication method if the following are true for your business:

  • You have already implemented another authentication method.
  • Your users carry out sensitive transactions where delay is not an option.

Storing recovery codes poses a risk of attack. For this reason, register users for recovery codes only if it is essential that they can quickly recover their accounts in emergency cases.

Registration and authentication flow

To get started, you need the following information available:

  • Instance ID
  • Access Key

For more information on the instance ID and the Access Key, see the API documentation.

To implement and use recovery codes, see the instructions on the following pages:

  1. Request recovery codes
  2. Authenticate with recovery codes