Meraki

Community

Upcoming Meraki dashboard security update: Changes to One-Time Static Backup Codes for log in

MiriamK
Meraki Employee
Meraki Employee
yesterday
yesterday

Upcoming Meraki dashboard security update: Changes to One-Time Static Backup Codes for log in

As part of our ongoing efforts to strengthen account security, we’re making an update to how one-time static backup codes are used as part of the multi-factor authentication (MFA) flow to log in to the Meraki dashboard.

 

Starting early February 2026, we will begin the initial phase of deprecating workflows that rely on use of one-time static backup codes.

 

What are one-time static backup codes?

One-time static backup codes were designed as a secondary recovery option, to be used if you temporarily could not access your primary MFA method. E.g. if your device is unavailable or a MFA authenticator app is not accessible.

 

Note: these codes were not intended to replace your primary MFA method.


Currently, you can find these codes in two places in the Meraki dashboard:

  • During the MFA setup flow, when you first set up an authenticator app.
  • In My Profile, where backup codes can be viewed or re-generated after app-based MFA has been set up.

 

MiriamK_0-1769185551865.png

 

MiriamK_1-1769185551868.png

 

Why is this change happening?

We’ve observed cases where backup codes are being used repeatedly as a primary second factor. This weakens MFA protections and increases the risk of account compromise.

 

Today, app-based MFA provides safer recovery options through cloud backup, making frequent reliance on backup codes unnecessary.

 

When will one-time codes be phased out?

The deprecation of one-time backup codes will rollout globally in a few phases:

 

  • Starting early February 2026 – gradual deprecation
    • The “Generate new codes” button will be removed from the Meraki dashboard
    • Existing backup codes can still be used until they’re exhausted
  • After March 2026 – full deprecation
    • One-time static backup codes will no longer be available in the Meraki dashboard

 

To further strengthen account security, we will be rolling out these phases in the near term and will provide additional notice before we fully deprecate one-time static backup codes.

 

What happens if I’m locked out and can’t use backup codes?

If you’re unable to sign in using your primary MFA method and backup codes are unavailable, you can do any of the following:

  • Contact another Full Access admin in your organization to help restore access
  • Contact Meraki Support to verify your identity and regain access

 

These recovery paths remain available and are the recommended approach if backup codes are exhausted.

 

Recommended actions

If you’re currently using one-time static codes as a backup, we recommend using app-based MFA for TOTP (time-based one-time password) with cloud backup enabled.

 

To get started, visit our Two-Factor Authentication documentation.

 

With modern authenticator apps such as Cisco Duo or alternatives you can:

  • Authenticate using time-based one-time passwords (TOTP)
  • Enable secure cloud backup
  • Restore your MFA configuration on a new device if your phone is lost, replaced, or reset

 

This ensures continued access without relying on backup codes for day-to-day sign-in.

 

Miriam Kung
Cisco Meraki Product Marketing
Labels:
1 Reply 1
Inderdeep
Kind of a big deal
yesterday
yesterday

Thanks 

 

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2026 Cisco Systems, Inc.