Recovery Codes

How to use recovery codes if you lose access to your 2FA authenticator app.

Last updated 2026-04-12

When you enable two-factor authentication, Opterius Mail generates a set of recovery codes. These are backup codes that let you log in if you lose access to your authenticator app — for example, if your phone is lost, stolen, broken, or if you accidentally delete the authenticator app.

What Recovery Codes Are

Recovery codes are single-use, randomly generated alphanumeric codes. They are an alternative to your 6-digit TOTP code for the 2FA step of login. You receive 8 recovery codes when you first enable 2FA.

Each code looks like: A3X7-K9MN-2QPL

Recovery codes are:

  • Single-use: Once a code is used to log in, it is invalidated and cannot be used again.
  • Not time-sensitive: Unlike TOTP codes, recovery codes do not expire after 30 seconds.
  • An emergency backup only: They are not a replacement for your authenticator app — they are for emergencies.

Viewing Your Recovery Codes

You can view your remaining (unused) recovery codes at any time while logged in:

  1. Go to Settings → Security → Two-Factor Authentication.
  2. Click View recovery codes.

Used codes are shown with a strikethrough to indicate they have been consumed. Unused codes are shown normally.

Keep your recovery codes private. Anyone with a valid recovery code and your email/password can log in to your account.

Using a Recovery Code to Log In

If you cannot use your authenticator app during login:

  1. On the "Enter your two-factor authentication code" screen, click "Use a recovery code instead".
  2. A text field appears — enter one of your unused recovery codes exactly as it is stored (e.g. A3X7-K9MN-2QPL).
  3. Click Verify.

If the code is valid, you are logged in and the code is marked as used. You cannot use that code again.

After logging in with a recovery code, Opterius Mail will display a warning banner: "You used a recovery code to log in. Please reconfigure your authenticator app or regenerate your recovery codes." It is strongly recommended to immediately reconfigure your 2FA.

Regenerating Recovery Codes

If you have used most of your codes, suspect they have been compromised, or want a fresh set, you can regenerate all recovery codes:

  1. Log in (using a code or your authenticator app).
  2. Go to Settings → Security → Two-Factor Authentication.
  3. Click Regenerate recovery codes.
  4. A confirmation dialog warns that all existing codes will be invalidated.
  5. Click Confirm and regenerate.

A new set of 8 recovery codes is displayed. Save them immediately — they will not be shown again in full after you leave this screen.

Regenerating codes invalidates every previously issued code, including any you had stored. Your new set replaces the old set entirely.
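
The single-use and regenerate-replaces-everything rules described above, sketched as an added example. This is not Opterius Mail's own code; the class name, the alphabet and the in-memory storage are assumptions made for illustration.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # assumed from the sample code
CODE_COUNT = 8             # the page states 8 codes per set
GROUPS, GROUP_LEN = 3, 4   # XXXX-XXXX-XXXX, as in the page's sample


def new_code() -> str:
    """One code from the OS CSPRNG (about 62 bits with this alphabet)."""
    return "-".join(
        "".join(secrets.choice(ALPHABET) for _ in range(GROUP_LEN))
        for _ in range(GROUPS)
    )


class RecoveryCodes:
    """Hypothetical per-account store: code -> used flag."""

    def __init__(self):
        self._codes = {}

    def regenerate(self) -> list:
        """Issue a fresh set; every previously issued code stops working."""
        self._codes = {}
        while len(self._codes) < CODE_COUNT:   # dict keys also rule out duplicates
            self._codes[new_code()] = False
        return list(self._codes)

    def redeem(self, candidate: str) -> bool:
        """True once per valid code; a used or unknown code returns False."""
        hit = None
        for code, used in self._codes.items():
            # Constant-time compare, and scan the whole set regardless of a match.
            same = hmac.compare_digest(code.encode(), candidate.encode())
            if same and not used:
                hit = code
        if hit is None:
            return False
        self._codes[hit] = True    # consumed: kept for display, never accepted again
        return True

    def view(self) -> list:
        """(code, used) pairs, as the settings page would list them."""
        return list(self._codes.items())
```
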

What to Do If You Have No Codes Left

If you have used all 8 recovery codes and lost access to your authenticator app, you are locked out of your account. You cannot log in on your own.

In this situation, you need to contact your server administrator (or the person who manages the Opterius Mail installation) and ask them to force-disable 2FA on your account.

The admin can do this from the admin panel. Once they disable it, you can log in with just your email address and password. After logging in, you should immediately set up 2FA again with a properly backed-up authenticator.

See Admin 2FA Controls for the admin's side of this process.

Best Practices for Recovery Code Storage

| Storage method | Notes |
|---|---|
| Password manager | Best option. Bitwarden, 1Password, etc. are secure and accessible from multiple devices. |
| Printed copy | Reliable, not hackable. Store in a secure physical location (safe, lockbox). |
| Encrypted notes app | Good if encrypted with a strong password (e.g. Standard Notes, KeepNote). |
| Plain text file on desktop | Avoid — easily accessible if your computer is compromised. |
| Email to yourself | Avoid — email is not a secure channel; this defeats the purpose of 2FA. |
| Screenshot on phone | Risky — if you lose your phone you lose both your authenticator and your codes. |