Recovery Codes

[sench93]

How can i create recovery codes for clients to use them in case of they lose access to their authenticators.

[diegoocampoh]

@sench93 recovery codes are not part of the RFCs that define TOTP and HOTP.

Recovery codes are temporary passwords that expire once used. Such recovery codes that your system generates should be random and have high entropy.

For example, you can use AWS KMS random generator to create a recovery code of 32 alphanumeric characters and use that as the recovery code.