A backup code for two-step authentication can be used to disable the feature on your account in the event that you lose your devices that were used for the second authentication step. The code is only displayed once during setup, so make sure that you write it down and store it securely in a safe location. If you lose your code but still have account access, you can generate a new one from your authentication settings, which invalidates the previous code.

---

Your backup code can be used to disable two-step authentication on your account in the event that you lose every device that you use for the second authentication step. It is very important to keep this secure – possession of your password and backup code will provide full access to your account.

Obtaining a backup code

• At the end of the two-step authentication setup process, Stripe will display a backup code. This code is only displayed once, so make sure that you write it down and store it somewhere safe.
• If you lose your code but still have access to your account, you can generate a new backup code from your two-step authentication settings at any time. This will invalidate any previous backup code.

Storing the backup code securely

We recommend storing your backup code in one of the following ways, in order of decreasing security:

• On a piece of paper or a USB flash drive locked away in a secure deposit box
• On a piece of paper or a USB flash drive locked away in a safe at home
• On a piece of paper in a filing cabinet or somewhere else that is unlikely to be seen by guests or photographed
• On a USB flash drive that's not plugged into a computer very often, or
• In your password manager as a password field (not plain text)

Any of the above methods should provide protection against the most common threats to your account.

Note that when using a USB flash drive, we strongly recommend that you dedicate one device to backup codes for Stripe and other websites only, and that you only ever plug it in to add or read a new code. This makes it more difficult for malware to read the credentials.

We do not recommend storing your backup code:

• In cloud storage
• On your hard drive
• On removable storage that's frequently plugged in to your computer or
• In your password manager as plain text.

If you suspect that your backup code may be compromised, go to your two-step authentication settings and generate a new one as soon as possible. This will invalidate the old code.

If you do not have your backup code OR your authorised two-step authentication device

• If you are an account owner, submit a request via the account recovery form. For security purposes, you will be asked to provide detailed information to confirm your identity. Once we've confirmed your identity, you'll be able to sign in using your password.
• If you are not an account owner, contact your account owner to ask them to remove two-step authentication for you.