Backup codes for two-step authentication requirement : Stripe: Help & Support

Backup codes for two-step authentication requirement

A backup code for two-step authentication can be used to disable the feature on your account if you lose your devices used for the second authentication step. The code is only displayed once during setup, so be sure to write it down and it should be stored securely in a safe location. If you lose your code but still have account access, you can generate a new one from your authentication settings, which invalidates the previous code.

Your backup code can be used to disable two-step authentication on your account in case you lose all your devices used for the second authentication step. It is very important to keep this secure—possession of your password and backup code results in full access to your account.

Obtaining a backup code

At the end of the two-step authentication setup process, Stripe will display a backup code. This code is only displayed once, so be sure to write it down and store it somewhere safe.
If you lose your code but still have access to your account, you can generate a new backup code from your two-step authentication settings at any time. This will invalidate any previous backup code.

Storing the backup code securely

We recommend the following ways of storing your backup code, in order of decreasing security:

On a piece of paper or a USB flash drive in a secure deposit box;
On a piece of paper or a USB flash drive in a locked safe at home;
On a piece of paper in a filing cabinet or somewhere else unlikely to be seen by guests or photographed;
On a USB flash drive that’s otherwise infrequently plugged into a computer; or
In your password manager as a password field (not plain text).

Any of the methods above should be secure against the most common threats to your account.

Note that when using a USB flash drive, we strongly recommend that you keep one dedicated to backup codes for Stripe and other websites and only ever plugged it in to add or read a new code. This makes it more difficult for malware to read the credentials.

We do not recommend storing your backup code:

In cloud storage;
On your hard drive;
On removable storage that’s frequently attached to your computer; or
In your password manager as plain text.

If you suspect that your backup code may be compromised, go to your two-step authentication settings and regenerate a new one as soon as possible. This will invalidate the old code.

If you do not have your backup code OR your authorized two-step authentication device

If you are an account owner, submit a request through the account recovery form. For security purposes, you will be asked to provide detailed information to confirm your identity. Once we confirm your identity, you’ll be able to sign in using your password.
If you are not an account owner, contact your account owner to ask them to remove two-step authentication for you.