When you turn on two-factor authentication (2FA), we give you 10 backup codes. These are your way back in if you lose your phone.
What Backup Codes Are
Each code is a one-time password. You use it instead of the 6-digit code from your authenticator app. Once used, that code is dead — you have 9 left.
Where To Store Them
- Password manager (best): 1Password, Bitwarden, Dashlane. Store the codes in a secure note attached to your DeData entry.
- Printed and locked away: Print them and put the paper in a fireproof safe or with other important documents.
- Encrypted file: A password-protected text file on a drive you control.
Do not store them in a plain text file on your desktop, in your email drafts, or in cloud notes that aren't end-to-end encrypted.
When To Use Them
You lose your phone. You wipe it. You change phones and forget to migrate the authenticator. Any time you can't get a code from the app, use a backup code instead.
If You Lose Both Phone And Backup Codes
Email support@dedatalabs.org from the email on your account. We will run a manual identity review. This involves answering questions only the account owner would know (recent broker scans, billing card last 4, registration IP region). Manual review takes up to 3 business days. We do this slowly on purpose — it is the same path an attacker would try.
Regenerating Codes
[Settings → Security → 2FA → Regenerate Backup Codes]. The old set stops working immediately. Save the new ones somewhere safe.