Skip to content
Online Safety

Two-factor authentication recovery backup codes before replacing a phone later

Checking Recovery Codes Before You Start a Phone Upgrade

Metal lock and key case with blank security card on brushed metal surface for account recovery preparation.

Before replacing your phone, recovery backup codes for two-factor authentication should be confirmed as accessible. These codes provide a fallback way to sign in when text messages or authenticator apps are not available on a new device. During the transition, missing codes can cause account lockouts. Verifying that you still have your current codes is therefore a practical step to take before transferring data or erasing your old phone. Open the security settings for every account using two-factor authentication. Look for terms such as recovery codes, backup codes, or one-time codes.

Many services initially provide a list of codes when two-factor setup finishes, and they typically allow you to view or generate new ones from the same settings page. Save existing codes in a secure place you can reach from your new phone. When the list is not shown, check whether generating a fresh set is possible before continuing.

Generating a Fresh Set of Codes When the Old Ones Are Missing

Missing original recovery codes does not mean they are gone permanently. Many services offer an option to create new backup codes within the two-factor settings section. The link or button for this action may read “generate new codes,” “get new backup codes,” or “reset recovery codes.” Choosing that option typically makes the old set invalid, so only proceed when sure the earlier codes are not accessible through any stored location. Save the new set straight away in a location that the phone swap will not affect, for example a password manager or an encrypted file on a computer.

Certain services restrict how often regenerating codes is allowed. Read the screen wording before confirming the action. A message like “Replace Codes” or “Generate New Codes” normally works without a waiting period on major platforms. After creating the new codes, test one by signing out and back in using an already-trusted device. That check confirms the new codes will function properly when you rely on them during the actual phone replacement. Contact the service support team only when the test does not succeed.

A sealed metal storage case with a short chain and three small block components on a gray studio surface.

Saving the Codes in a Place You Can Reach From a New Phone

Recovery codes are only useful if you can find them when you actually need them. A common mistake is saving them only on the phone that’s currently being used. If that phone is lost, damaged, reset, or replaced, the recovery codes may disappear with it, leaving you without an easy way to sign back into your accounts.

A better approach is to keep the codes in more than one secure location. For example, you could save them in a password manager that syncs across your devices, so they’re available whether you’re using a computer, tablet, or new phone. Another option is to store them in an encrypted document or secure note that you can access through a trusted online account. If you choose this method, make sure you also have a recovery plan for that account so you don’t end up locked out of both at the same time.

It’s also a good idea to have an offline backup. Many people print their recovery codes and keep the paper somewhere private, such as a locked drawer or a home safe. This gives you another way to retrieve the codes if you can’t access any of your digital accounts. Wherever you store them, the important thing is knowing exactly where they are before you need them—not after you’ve already lost access to your phone.

Secure storage case with chain and location-key blocks representing backup code safety.

Using a Recovery Code When You First Sign Into the New Phone

When you set up a new phone, some of your accounts may ask for a two-factor authentication code before allowing you to sign in. If the old phone is no longer available to receive text messages or authentication app codes, that’s when your recovery codes become important.

Instead of waiting for a verification message that can’t reach you, choose the option to use a recovery code if the service provides one. Enter one of the unused codes exactly as it appears. These codes are often a combination of letters and numbers, and some services require you to match uppercase letters, lowercase letters, hyphens, or spacing exactly. If even one character is entered incorrectly, the code may not be accepted.

Remember that recovery codes are normally designed for one-time use. After a code has been used successfully, it should be considered expired. Remove it from your list or mark it as used so you don’t accidentally try to use it again in the future.

If the service rejects the code, double-check that you’re using one that hasn’t already been used. It’s also worth confirming that you’re looking at the most recent set of recovery codes, since some services automatically invalidate older codes after new ones have been generated.

Once you’ve finished signing in on your new phone, take a few minutes to reconnect your preferred two-factor authentication method. After everything is working again, generate a fresh set of recovery codes if the service offers that option, then replace your old backup with the new one. Keeping your recovery information up to date means you’ll be much better prepared if you ever need to change devices again.