Set Up 2FA Without Losing Your Mind (And Your Codes)
Everyone says "turn on two-factor authentication." They rarely say what happens when you drop your phone in a pool.
I locked myself out of three accounts in 2024 because I set up 2FA correctly but did the backup part badly. This is the thing nobody explains clearly, so here goes.
Pick ONE authenticator app and stick with it
The apps everyone mentions:
- Google Authenticator - free, works, no sync until recently. Now has cloud sync but you have to opt in.
- Authy - has sync by default. Also had a breach in 2024, so some people moved away. Still fine if you trust it.
- 1Password / Bitwarden - if you're already paying for a password manager, use the built-in TOTP. This is what I do.
- Microsoft Authenticator - fine if you're deep in the Microsoft ecosystem.
The two things you actually need to save
Whenever a site shows you a QR code during 2FA setup, there's also usually a setup key (a string of letters and numbers). You want both.
- Save the setup key somewhere outside your phone. Password manager secure notes. A printed sheet in a drawer. Whatever. If you only have it in one authenticator app and your phone dies, you're toast.
- Save the backup codes. Every reputable site gives you 8-10 one-time recovery codes when you turn 2FA on. Save these. Same place. Do NOT skip this.
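To see why the setup key is the one thing worth saving (and why it belongs in an encrypted note rather than a plain text file), here is an added example that is not part of the original post: it regenerates the same six-digit codes your authenticator app shows from nothing but that key, following the standard TOTP algorithm (RFC 6238). The sample key is a constructed value (the RFC's published test secret), not a real account key.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample: the RFC 6238 test secret ("12345678901234567890" in base32),
# written in the spaced groups a site shows next to the QR code. Not a real account key.
SAMPLE_SETUP_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def decode_setup_key(setup_key: str) -> bytes:
    """Turn the displayed 'XXXX XXXX ...' string back into the raw shared secret."""
    cleaned = setup_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # sites usually drop the base32 padding
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(setup_key: str, at_time: Optional[int] = None, step: int = 30) -> str:
    """The six-digit code an authenticator app shows for this key at this time."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(decode_setup_key(setup_key), at_time // step)


def verify(setup_key: str, submitted: str, at_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current 30s step and `window` steps either side
    (clock drift), comparing in constant time so timing leaks nothing."""
    secret = decode_setup_key(setup_key)
    counter = at_time // 30
    return any(
        hmac.compare_digest(hotp(secret, counter + d), submitted)
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Any device that knows the key produces the same code: that is the whole backup story,
    # and also why the key needs the same protection as a password.
    print("code right now:", totp(SAMPLE_SETUP_KEY))
    print("code at t=59 (RFC 6238 vector, expect 287082):", totp(SAMPLE_SETUP_KEY, at_time=59))
```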
What I actually do (for reference)
I keep a single encrypted note in Bitwarden called "2FA recovery." It has:
GitHub
setup key: XXXX XXXX XXXX XXXX
backup codes: [10 codes]
recovery email: [address]
Google
setup key: XXXX XXXX XXXX XXXX
backup codes: [10 codes]
...
Takes about 30 seconds per account. Takes about 30 seconds to reference if I ever need to move to a new phone.
The setup flow, for a random account
Say you're turning on 2FA for GitHub.
- Go to Settings → Password and authentication
- Click "Set up using an app"
- Before you scan the QR code, click "enter this text code" and copy the setup key. Paste it in your Bitwarden/1Password note.
- NOW scan the QR code with your authenticator
- Enter the 6-digit code GitHub asks for
- GitHub shows you backup codes. Copy all of them into the same note.
- Confirm. Done.
If you've already set up 2FA without saving keys
You can usually disable 2FA and re-enable it. When you re-enable, that's your chance to save the setup key and backup codes properly. Do this now for any critical account (email, banking, work). Also: most sites let you generate new backup codes at any time. If you don't have yours, go generate a fresh set and save them.
What happens when you lose your phone
With backup codes: log in with a backup code. Disable 2FA. Set it up fresh on the new phone. Done in 5 minutes.
Without backup codes: account recovery nightmare. Customer support tickets. Proving your identity with IDs. Sometimes you just lose the account. I've seen people lose years of Gmail history this way.
The one site that's different: Apple
Apple's 2FA is weird. They don't give you backup codes. They give you a "recovery key" that's 28 characters. Treat it like the most important thing in the Bitwarden note. If you lose your iPhone AND you don't have the recovery key, Apple cannot get your account back. They will not make an exception. I am not exaggerating.
Quick checklist
Before you close this tab:
- Open your password manager (or phone notes)
- Make a file called "2FA recovery"
- Pick your three most important accounts (email, bank, work)
- Disable and re-enable 2FA on each, saving setup keys + backup codes this time