Authy Backups Password Retrieval

The Backups password is, as the name implies, used for QR code tokens you have added to the app yourself and sent to the Authy server for safe keeping in case your phone is lost or damaged. When you enable backups on your Authy app, the backups password encrypts all your tokens and uploads them to our servers. This means that if our servers were to be compromised, no hacker would be able to steal your tokens unless he also knew your backups password.

Alert: The Backups password is never sent nor stored in our servers for your security, so make sure you write it down somewhere safe or use a password only you know. If you ever forget your backups password, your account tokens will be permanently lost.

Users that forget their backups password will be unable to decrypt these tokens, and will likely need to contact the company/website they are trying to login to regain access. Services like Gmail and Facebook will allow SMS verification as a backup. In other cases such as Evernote, only the "recovery codes" given during 2FA setup will allow access - their support team probably will not be able to help.

After restoring access to your accounts to add the token generators anew to the Authy app - first, you have to remove all undecrypted tokens from the app. For help on deleting tokens, be it decrypted or undecrypted, please see Delete, Hide, or Decrypt Two Factor Authentication (2FA) Account Tokens in the Authy App.

Related Topics

 

Have more questions? Submit a request