Recovery codes are not intended for everyday use, but as a safety net in the event that all other methods are not (or no longer) available.

If you keep printed recovery codes both at the office and at home, you can log in even if you do not have your cell phone and notebook with you.

Keep the recovery codes locked away in a safe place, i.e. not in a drawer but, for example, in the same place where you keep other confidential personnel records, financial records or documents.

You cannot display the recovery codes again at a later time, so be careful when creating them!

Set up recovery codes

Go to the Keycloak account management and log in with your familiar BOKU credentials:

Click on 'Signing in'

Click on 'Set up recovery codes':

These recovery codes are only displayed once!
You cannot display the recovery codes again, so be careful when creating them!

Please actually retrieve the printouts from the printer or make sure that you have access to the downloaded recovery codes before you continue. 

Click on 'I have saved these codes somewhere safe', only then will the 'Complete setup' button become active.

Click on 'Complete setup'.
The displayed, printed and downloaded recovery codes are only actually activated when you click 'Complete Setup'!
As long as you have not clicked on 'Complete setup', the old recovery codes are still valid!

Done! Very nice :-)

This allows you to use recovery codes as an additional factor when logging in.

You can create new recovery codes at any time, you don't have to wait until all 12 are used up. When new codes are created, the old ones become invalid.

Please note the following information on this page and then set up additional MFA factors.

Logging in using recovery codes

Click on 'Try another way', then 'Recovery code':

You will now be asked for a specific (the next) recovery code from the list.
In the example below, the recovery code #4 is requested. 

Please enter the codes exactly as in the list in capital letters and with the hyphens.