What Should You Do about an Authentication Code You DIDN’T Request?

ByEmily Dolloff

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They’re better than nothing.

But what if you receive a 2FA code that you didn’t request?

  1. Don’t panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don’t remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn’t much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it’s using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It’s easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you’re sure you don’t have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don’t ignore 2FA codes you didn’t request for sites where you have an account. It’s not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.

(Featured image based on an original by iStock.com/Kateryna Onyshchuk)

Social Media: Receiving a two-factor authentication code you didn’t request shows that your security is working, but it’s also an indication that someone may have your password and be trying to break into your account.

Similar Posts

  • Apple TV and Apple Watch

    This week I’ve been testing out some of the new features on the Apple TV and a bit on the new watchOS. You can now get an Apple Watch for $299.99. The release of watchOS 2.2 was a minor bump in improvements, including the ability to pair more than one Apple Watch to one iPhone, additional browsing options in Maps, improvements to tracking your pulse and a few other minor updates. Unlike past revisions and improvements to the watchOS this one has left me feeling a little underwhelmed. While the software updates weren’t particularly robust, I was excited to see that the Apple Watch now has even more watch bands to choose from. I’ve had my watch for about six months now and have noticed its getting a bit dingy, so now might be a good time to get another band! There are new sport band colors to choose from including a bold new yellow and a new woven nylon option. For those seeking a more traditional style band, the woven nylon might be just what you are looking for, this band features a standard watch buckle style clasp.

    Apple TV got some updates this week and just in time for the NCAA Championship. With the latest software release for Apple TV you can now get the latest NCAA games with an added feature of having two games display on your TV side by side! In addition to being able to watch the latest games, you now have approximately 5000 apps to choose from, including new workout apps. Siri now works better when searching for content, even in the App Store, and you can access your iCloud Photo library. Starting to feel like your apps are getting too cluttered? Easily create folders by dropping app icons onto of each other just like you do on your iPhone or iPad. Dictation, another added feature that can really speak up your search process. Rather than typing through letters one at a time when searching for something specific, you can now use dictation by selecting the Siri button in the search field. I will note, you do have to be in the specific search field, you can’t just use it from the home screen. My favorite updates, one of which works with both the Apple TV and the Apple watch, is the remote app. You can now use your Apple watch to navigate through the options on the Apple TV, a feature that might seem silly to some, but with a small and easily misplaced remote this is bound to be an incredibly valuable new feature. Think the watch is too small to use for a remote? Hook up your Apple bluetooth keyboard! That’s right, you can now use your standard sized keyboard as well.

    I should note, that some of these updates, like the NCAA games, do have additional fees. More and more of us are swaying away from traditional TV and with more options coming to the Apple TV and choosing your content, we are getting closer and closer to paying for only what we want.