Backup Verification Codes | MFA - Zoho Accounts

Backup Verification codes

What are backup verification codes?

Backup verification codes are a set of 12-digit codes that you can use to recover your Zoho account if you lose access to your MFA device or have issues signing in using MFA. These codes can be generated from accounts.zoho.com once you enable MFA for your account.

Some points to note:
  1. Once generated, the backup codes will not be displayed again. You will have to save them when you generate them.
  2. Each code can only be used once to recover your account.
  3. If you have used up all your codes or lost them, you can always generate a new set of backup codes.
  4. Whenever you generate a new set of codes, the old unused codes will become invalid.

How to generate backup verification codes?

From accounts.zoho.com
From Zoho OneAuth
From accounts.zoho.com
  1. Sign in at accounts.zoho.com.
  2. Click Multi-factor Authentication in the left menu.
  3. Click MFA Recovery Options , then click Generate new codes.

    NotesNote: (for organization users): Organization admins can set up and enforce policies that restrict you from generating backup verification codes. If you are not shown the option to generate the codes, contact your administrator for clarification.
  4. You can either copy those codes and save them, or download them as a file and view them using a text editor.
From Zoho OneAuth
  1. Open the OneAuth app.
  2. Go to the Settings tab.
  3. Tap Account Settings.
  4. Under MFA SETTINGS, tap MFA recovery.
  5. Tap Generate under Backup verification codes.

    NotesNote: (for organization users): Organization admins can set up and enforce policies that restrict you from generating backup verification codes. If you are not shown the option to generate the codes, contact your administrator for clarification.
  6. Tap Share to save them.

How to recover account using backup verification codes?

Select your MFA mode to see how you can use your backup code. Don't have one? Here's what to do
SMS-based OTP / OTP authenticator / Yubikey
  1. Enter your username and password, then click Sign in (or go through with your federated sign-in/SAML-based SSO option).
  2. If you haven't configured an alternate MFA mode, click Can't access your device?
  3. If you have configured one, click Problem signing in?, then click Can't access your device?.
  4. Click Use backup verification codes, then enter the 12-digit backup code you have.
  5. Click Verify to sign in to your account.

OneAuth (password-based)
  1. Enter your username and password, then click Sign in (or go through with your federated sign-in/SAML-based SSO option)
  2. Click Sign in another way.
  3. Click Can't access your device?.
  4. Click Use backup verification code. 
  5. Enter the backup code and click Verify to sign in to your account.

OneAuth (passwordless)
  1. Enter your username, then click Next.
  2. Click Sign in another way.
  3. Click Problem signing in?.
  4. Choose an alternate sign-in method available to you.
  5. You will be required to verify using your primary sign-in option and secondary sign-in option. Click Proceed.
  6. Use the primary sign-in option you have chosen in Step 4 to sign in. Click Sign in.
  7. Click Use backup verification code.
  8. Enter the backup code and click Verify to sign in to your account.
Once you regain access to your account, reconfigure your MFA mode.

Info
Locked out and don't have backup code?
  1. Contact our support team at support@zohoaccounts.com.
  2. After verifying your identity, you will be given a backup code so you can sign in.
  3. Once you're in, don’t forget to reconfigure your MFA mode and generate new backup codes.