You can use recovery codes as an emergency fallback option, in addition to other authentication methods.
Use recovery codes if you
Your users can register for a set of sixteen-digit alphanumeric codes that they can use to recover their accounts or sign transactions in emergency scenarios. The user has to save or write down these codes and keep them safe, separate from other authenticators. They are only to be used in case they lose their authenticator devices. We do not recommend the use of recovery codes as a primary authentication method.
We recommend recovery codes as an authentication method, if the following are true for your business:
- You already implemented another authentication method.
- Your users carry out sensitive transactions, where delay is not an option.
Storing recovery codes poses a risk of attack. For this reason, only register users for recovery codes, if it is essential that they can quickly recover their accounts in emergency cases.
Registration and authentication flow
To get started, you need the following information available:
- Instance ID, see Endpoint
- Access Key, see Authentication
To implement and use recovery codes, see the instructions on the following pages: