A long time ago I set up the Two-Step Authentication feature on my blog. When I sign in I get sent a text message with a code to enter. Without the code I cannot login to my account. There are also backup codes that can be generated in case a person doesn’t have access to their phone. I’d printed them and put them in a secure spot and never thought about them again.
Recently I didn’t have access to my phone. I dug through my records for the backup codes. I started to enter them into the field. One after the other said the code was invalid. I looked at the form and the field. No where was it mentioned the codes had an expiration date. I hadn’t used them, so they had to be good. Only they weren’t.
Luckily I was still signed into the WordPress App. I was able to go to the page and generate a new set of backup codes. I could use them to gain access to my account. Had I not been signed in I would have lost access to my blog.
If you have Two-Step Authentication turned on, make sure to generate a new set of backup codes often. This will keep them up to date.