Pro Tip: Security is great, but make sure you’re not locked out

Recently, I changed my mobile number to try and alleviate phone spam. Luckily, since I use Google Voice, I have the freedom to do this. Unfortunately, I completely forgot about one thing… my Twitter “Login Verification” was set to text to the old number. (This was the case because they have trouble sending SMS to GV numbers.) rock

D’oh.

So, once my number changed, I came to the sick realization that I’d lost the ability to log in to my Twitter account. It took 3+ weeks to get @support to reply to my ticket. For a while, I thought my account was lost forever. Luckily, I still had a couple of clients which were pre-authorized (Plume on my Nexus 4 and MetroTwit on my W8 desktop). This was enough to verify the ownership of my account, and I’m almost back in business.

Lesson here:
Always, always, keep a key under the rock. The key in this case is what they call “backup codes”. I *thought* I saved this in LastPass, but could not find it when I needed it.

Google 2-factor authentication will generate a set of backup codes, numbered 1 to 10. If you lose access to your Google Authenticator, when prompted, you are required to type in the correct code. Other services like Facebook have a similar method which require the mobile app.

The secret? Store your emergency backup codes in an account that does NOT depend on any other services to get in. Get an Outlook.com or other account which has a simple login, and use it for nothing but storing your rock-keys. You’ll thank yourself when you need it.

What are your favorite tricks for keeping track of backup codes and other important login info?