What Should You Do about an Authentication Code You DIDN’T Request?

ByEmily Dolloff

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They’re better than nothing.

But what if you receive a 2FA code that you didn’t request?

  1. Don’t panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don’t remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn’t much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it’s using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It’s easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you’re sure you don’t have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don’t ignore 2FA codes you didn’t request for sites where you have an account. It’s not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.

(Featured image based on an original by iStock.com/Kateryna Onyshchuk)

Social Media: Receiving a two-factor authentication code you didn’t request shows that your security is working, but it’s also an indication that someone may have your password and be trying to break into your account.

Similar Posts

  • Choosing the Best AI Chatbot for Your Needs

    Questions about AI from our clients keep coming in, with many asking which tools to choose. It’s understandable confusion—the number of AI chatbots…

  • Get yourself some Dux

    What is a Dux you ask? Dux is a really great product line from STM and one that we are really excited to begin carrying here at Small Dog. This product line up has cases for your iPad and your computer and for the last week or so I have been testing out the Dux case for Macbook Air.

    My first impression is that it gives my computer a sharp new look. I feel as though my computer is highlighted more in this case. It features a primarily clear case and then a border that comes in an assortment of colors. The one I am using is black and it really looks sharp and sleek on the computer.

    I will be the first to admit that I am not a huge fan of hardshell cases for computers. They do add weight to your computer and they can be hard to put on and take off. However, this case did stand out to me as soon as I saw it and I immediately asked for a sample so that I could test it out. It’s the reinforced border that caught my eye. The plastic is slightly different from that of the clear case and really gives you a feeling of protection for your computer.

    Customers ask me all the time why someone might want a hard shell case, it’s a combination of accessorizing and protection. Hard shell cases are great for those who might like to sticker their computers. You can sticker all you want on a removable case and not damage your computer. For people who bring their computers everywhere it’s a great way to protect them from the dings and scratches that can happen just by pulling your computer in and out, especially those whom might fly a lot. One piece of advice I will give users of hardshell cases is that you still need to remove them! The idea and concept of hard shell cases is to provide added protection to your computer, to keep it looking like new under the case. However, if you don’t remove the case from time to time and clean the case and computer from dust and debris your computer will still get scratches. I have seen countless computers get just as scratched up with these kinds of cases than those without and the cause is always the same: dirt build up. This particular case comes on and off much easier than some others on the market making my recommended occasional cleanings much easier to perform. After all you’ve probably purchased a hard shell case to keep your computer looking new.

    Overall I am very happy with this case, but the biggest test is yet to come. I am flying to Arizona next week for an event with one of our vendors, and I’ll be keeping this case on my computer for my travels. The real test will be if I notice the added weight while making my way through airports, so far I haven’t really noticed the increased weight in my daily travels.

    P.S. Hadley, even if it means burpees and laps in an airport terminal I plan to maintain my lead in our competition. It’s ON!

  • Apple Vision Pro First Thoughts

    I feel a little bit like Geordi from Star Trek when I am wearing my new Vision Pro and sorta wish it was…