They’re just called “backup codes” now. But yeah.
Comment on [deleted]
MicrowavedTea@infosec.pub 3 weeks ago
The most annoying part is you may get this for a previous phone even if you have registered a new phone. If you really want to avoid Google’s forced MFA the best way is to actually enable MFA and generate some airplane codes. Those can generally be used regardless of what Google asks at the time and you can store them offline or even memorize a couple. Probably not as secure but at least you won’t get locked out.
Ibaudia@lemmy.world 3 weeks ago
LodeMike@lemmy.today 3 weeks ago
Also, Google will outright not allow you to log in even with all authentication methods if it doesn’t like your IP or browser.
JasonDJ@lemmy.zip 3 weeks ago
Airplane codes? Was that an autocorrect for API?
unmagical@lemmy.ml 3 weeks ago
No. When you enable 2FA Google gives you about 10 backup codes that will always work regardless of if you have access to your authenticator app.
MicrowavedTea@infosec.pub 3 weeks ago
Apparently they’re called backup codes now. I could swear they used to be called airplane codes (because they’re offline ig). It’s just some randomly generated 8-digit codes.
LodeMike@lemmy.today 3 weeks ago
You can’t enable MFA without a phone number or a mobile device.
njordomir@lemmy.world 3 weeks ago
This is a good reminder. I recommend everyone grab their takeout data every now and then, but also, print out the 6 codes and put them in a safe deposit box, safe, bury them in a ziplock bag inside of a coffee can in your yard, etc. Hopefully it will be a waste of your time, but if you need them, they’ll be there.