Skip to content

Create changelog for recovery codes #25693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 7, 2025
Merged

Create changelog for recovery codes #25693

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b394c63
jhutchings1/recovery-codes
jhutchings1 Oct 7, 2025
bbe029b
Update src/content/changelog/fundamentals/2025-10-07-recovery-codes.mdx
jhutchings1 Oct 7, 2025
2e649ba
Update src/content/changelog/fundamentals/2025-10-07-recovery-codes.mdx
jhutchings1 Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions src/content/changelog/fundamentals/2025-10-07-recovery-codes.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
title: Automated reminders for backup codes
description: Cloudflare reminds you to download your 2FA recovery keys
products:
- fundamentals
date: 2025-10-07
---

The most common reason users contact Cloudflare support is lost two-factor authentication (2FA) credentials. Cloudflare supports both app based and hardware keys for 2FA, but if you lose these, you could lose access to your account. Over the past few weeks, we have been rolling out email and in-product reminders that remind you to also download backup codes (sometimes called recovery keys) that can get you back into your account in the event you lose your 2FA credentials. Download your backup codes now by logging into Cloudflare, then navigating to **Profile** > **Security & Authentication** > **Backup codes**.

## Sign in security best practices
Cloudflare is critical infrastructure, and you should protect it as such. Please review the following best practices and make sure you're doing your part to secure your account.

* Use a unique password for every website, including Cloudflare, and store it in a password manager like 1Password or Keeper. These services are cross-platform and simplify the process of managing secure passwords.
* Use 2FA to make it harder for an attacker to get into your account in the event your password is leaked
* Store your backup codes securely. A password manager is the best place since it keeps the backup codes encrypted, but you can also print them and put them somewhere safe in your home.
* If you use an app to manage your 2FA keys, enable cloud backup, so that you don't lose your keys in the event you lose your phone.
* If you use a custom email domain to sign in, [configure SSO](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/).
* If you use a public email domain like Gmail or Hotmail, you can also use social login with Apple, GitHub, or Google to sign in.
* If you manage a Cloudflare account for work:
* Have at least two administrators in case one of them unexpectedly leaves your company
* Use SCIM to automate permissions management for members in your Cloudflare account
Comment on lines +15 to +23
Copy link
Contributor

@patriciasantaana patriciasantaana Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Use a unique password for every website, including Cloudflare, and store it in a password manager like 1Password or Keeper. These services are cross-platform and simplify the process of managing secure passwords.
* Use 2FA to make it harder for an attacker to get into your account in the event your password is leaked
* Store your backup codes securely. A password manager is the best place since it keeps the backup codes encrypted, but you can also print them and put them somewhere safe in your home.
* If you use an app to manage your 2FA keys, enable cloud backup, so that you don't lose your keys in the event you lose your phone.
* If you use a custom email domain to sign in, [configure SSO](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/).
* If you use a public email domain like Gmail or Hotmail, you can also use social login with Apple, GitHub, or Google to sign in.
* If you manage a Cloudflare account for work:
* Have at least two administrators in case one of them unexpectedly leaves your company
* Use SCIM to automate permissions management for members in your Cloudflare account
- Use a unique password for every website, including Cloudflare, and store it in a password manager like 1Password or Keeper. These services are cross-platform and simplify the process of managing secure passwords.
- Use 2FA to make it harder for an attacker to get into your account in the event your password is leaked.
- Store your backup codes securely. A password manager is the best place since it keeps the backup codes encrypted, but you can also print them and put them somewhere safe in your home.
- If you use an application to manage your 2FA keys, enable cloud backup, so that you do not lose your keys in the event you lose your phone.
- If you use a custom email domain to sign in, [configure SSO](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/).
- If you use a public email domain like Gmail or Hotmail, you can also use social login with Apple, GitHub, or Google to sign in.
- If you manage a Cloudflare account for work:
- Have at least two administrators in case one of them unexpectedly leaves your company.
- Use SCIM to automate permissions management for members in your Cloudflare account.