Backup Codes Generator

How to use

1. 1Pick a provider style preset (Google, GitHub, Microsoft, Discord, Apple recovery key, or short PIN) to load the same count, length, alphabet, and grouping that provider uses.
2. 2Override any field on the left: alphabet, number of codes, characters per code, grouping separator, group size, numbered prefix, or Avoid look-alike characters.
3. 3Click Generate fresh batch whenever you want a new set. The strength badge shows the entropy per code in bits, and the alphabet display below the inputs confirms the effective character set.
4. 4Use the per-row Copy button to copy a single raw code for one-click sign-in, or Copy all codes to push the whole formatted list to the clipboard.
5. 5Click Download as .txt to save the batch with a timestamped header you can store in a password manager note or print and keep offline.
6. 6Switch to Custom alphabet when your service requires a specific character set; duplicate characters and control codes are stripped automatically.

About this tool

Backup Codes Generator creates batches of cryptographically random one-time recovery codes in the formats the major two-factor providers actually issue. Pick a preset to match Google (10 codes of 8 digits in 4-4 groups), GitHub (16 codes of 10 lowercase hex characters), Microsoft account (10 codes of 25 uppercase alphanumeric characters grouped 5-5-5-5-5), Discord (10 codes of 8 Crockford base32 characters in 4-4 groups), the Apple recovery key shape (1 code of 28 uppercase hex characters grouped 4 across 7 blocks), or a short numeric PIN style (10 codes of 6 digits each). Custom mode lets teams writing their own MFA flow pick the alphabet, code length, grouping, group size, code count, numbered prefixes, and an Avoid look-alikes toggle that drops 0, O, 1, I, l, 5, S, 2, Z so users do not mistype codes when copying them off a printed sheet. Every code is built with crypto.getRandomValues, the browser standard cryptographic source, and uniform sampling uses rejection on a 32-bit buffer so no character is statistically more likely than another even with small alphabets like base 10. The per-code entropy strength badge classifies the output as weak, acceptable, strong, or very strong and shows the exact bit count next to it, calculated as length times log2 of the alphabet size after look-alikes are removed. The Copy all codes button puts the whole list on the clipboard ready to paste into a password manager note, the Copy button on each row grabs the raw code (without grouping or numbering) for one click entry into a sign-in form, and Download as .txt writes a plain-text file with a timestamped header that reminds the holder each code is single-use. Useful for security engineers replacing leaked recovery codes for a user, IT teams that issue printed recovery sheets to new hires, developers prototyping account recovery flows, anyone migrating off a 2FA app who needs a fresh batch of codes to seed the new account, and users who want their own offline recovery codes for a service that does not issue them by default. All generation, formatting, and printing happens locally, so the codes you create never leave your browser tab.

Free to use. Works in your browser. No signup, no login.