When enabling 2FA, Binance provides 8 one-time backup codes. This article explains how to use them and how to store them. Download entry: Binance Website, mobile Binance Official App. If you haven't installed the iOS app, see the iOS install guide.
I. What Are Backup Codes?
When you enable Google Authenticator, Binance displays eight 6-digit backup codes. Each code can only be used once. When your Authenticator is not around or becomes invalid, a backup code can replace the verification code to log in.
II. Storage Methods
Recommended
- Print them on paper
- Label them and place them in a safe
- Do not store them on the same device as your Authenticator
Not Recommended
- Taking a screenshot and saving it to the phone's gallery (which syncs to iCloud / Google Photos)
- Copying them into a notes app (unless encrypted)
- Emailing them to yourself (if the email is compromised, they are exposed)
Compromise Solutions
- Encrypted ZIP file + strong password
- Or printing them out + keeping them in a small box inside a drawer
III. How to Use Backup Codes
When logging in, if your Authenticator says "Unavailable / Unbound / Incorrect Time":
- Select "Use backup code" on the login page
- Enter one 6-digit code
- The used code becomes invalid immediately
IV. What to Do When They Run Out
After all 8 codes are used, there is no mechanism to generate more automatically. You must:
Method 1: Regenerate While the Authenticator Still Works
If your Authenticator is still functional:
- Account Security → Reset 2FA
- Rebind the Authenticator (the same one or a new one)
- You will be shown 8 new backup codes again
However, resetting 2FA triggers a 24-hour lock—during which you cannot withdraw funds.
Method 2: Contact Support for the "Lost 2FA" Process
If your Authenticator is invalid and the backup codes are exhausted:
- Submit an "Unable to use 2FA" ticket
- Provide proof of identity
- Wait 24-72 hours for review
- After support resets it, bind a new Authenticator
V. Security Risks of Backup Codes
The 8 codes themselves are targets for attacks:
Risk 1: Leakage
If stored in the cloud and stolen → attackers can bypass your Authenticator.
Risk 2: Forced Disclosure
In scenarios of physical threat. It is advised to keep the storage location unknown to all family members.
Risk 3: Forgetting the Location
If placed in a safe and you forget the password / lose the key → unusable in an emergency.
VI. Best Practices
1. Save Immediately When Enabling 2FA
Do not "save it for later"—you will likely forget, and cry when the Authenticator fails.
2. Multiple Backups
Have at least two copies in different physical locations.
3. Regular Updates
When rebinding 2FA, you get new backup codes; discard the old ones.
4. Pair with a Hardware Key
A YubiKey is a more reliable fallback. Backup codes + YubiKey provide double protection against Authenticator failure.
VII. When to Use Backup Codes
Recommended Usage
- Forgot your Authenticator device during a business trip
- The Authenticator device is temporarily broken
- The Authenticator time is desynchronized
Not Recommended Usage
- To save effort in daily use (each time you use a code, you lose one)
- If used frequently, replenish new codes as soon as possible
VIII. Emergency Response Plan
In the worst-case scenario where you have no backup codes + Authenticator is invalid + cannot receive SMS:
- Go through the full identity verification process with support
- Provide: ID card / KYC video / historical login evidence
- Wait 5-15 business days
- After support completes the reset, all 2FA will be reset
During this period, your account assets are safe (attackers cannot log in either), but you cannot use them either.
FAQ
Q1: Can backup codes be reset? Yes. Rebinding the Authenticator will display 8 new ones.
Q2: What do backup codes look like? Usually 6-digit numbers, each independent.
Q3: Do all backup codes expire? Unused backup codes remain valid indefinitely. They only expire when you reset 2FA.
Q4: Can a backup code be used multiple times? No. Each one is strictly for one-time use.