What Should You Do about an Authentication Code You DIDN’T Request?

ByEmily Dolloff

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They’re better than nothing.

But what if you receive a 2FA code that you didn’t request?

  1. Don’t panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don’t remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn’t much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it’s using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It’s easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you’re sure you don’t have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don’t ignore 2FA codes you didn’t request for sites where you have an account. It’s not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.

(Featured image based on an original by iStock.com/Kateryna Onyshchuk)

Social Media: Receiving a two-factor authentication code you didn’t request shows that your security is working, but it’s also an indication that someone may have your password and be trying to break into your account.

Similar Posts

  • B.B. King – The King of the Blues

    For more than half a century, Riley B. King – better known as B.B. King – defined the blues for a worldwide audience. Since he started recording in the 1940s, he has released over fifty albums, many of them classics. He was born September 16, 1925, on a plantation in Itta Bena, Mississippi, near Indianola. In his youth, he played on street corners for dimes, and would sometimes play in as many as four towns a night. In 1947, he hitchhiked to Memphis, TN to pursue his music career. Memphis was where every important musician of The South gravitated, and it supported a large musical community where every style of African American music could be found. B.B. stayed with his cousin Bukka White, one of the most celebrated blues performers of his time, who schooled B.B. further in the art of the blues.

    B.B.’s first big break came in 1948 when he performed on Sonny Boy Williamson’s radio program on KWEM out of West Memphis. This led to steady engagements at the Sixteenth Avenue Grill in West Memphis, and later to a ten-minute spot on black-staffed and managed Memphis radio station WDIA. “King’s Spot,” became so popular, it was expanded and became the “Sepia Swing Club.” Soon B.B. needed a catchy radio name. What started out as Beale Street Blues Boy was shortened to Blues Boy King, and eventually B.B. King.

    In the mid-1950s, while B.B. was performing at a dance in Twist, Arkansas, a few fans became unruly. Two men got into a fight and knocked over a kerosene stove, setting fire to the hall. B.B. raced outdoors to safety with everyone else, then realized that he left his beloved $30 acoustic guitar inside, so he rushed back inside the burning building to retrieve it, narrowly escaping death. When he later found out that the fight had been over a woman named Lucille, he decided to give the name to his guitar to remind him never to do a crazy thing like fight over a woman. Ever since, each one of B.B.’s trademark Gibson guitars has been called Lucille.

    B.B. was inducted into the Blues Foundation Hall of Fame in 1984 and into the Rock and Roll Hall of Fame in 1987. He received NARAS’ Lifetime Achievement Grammy Award in 1987, and has received honorary doctorates from Tougaloo(MS) College in 1973; Yale University in 1977; Berklee College of Music in 1982; Rhodes College of Memphis in 1990; Mississippi Valley State University in 2002 and Brown University in 2007. In 1992, he received the National Award of Distinction from the University of Mississippi.

    B.B. King came to Vermont many times and I had the pleasure of being at several of his concerts. He died last year at the age of 90 and was performing to sold out crowds right up until he died. B.B. King is gone but the –The Thrill is Gone- lives forever.

  • Apple's Not The Only Game In Town

    I have the pleasure of being able to not only work behind the scenes here at Small Dog, but also on the front line with our customers. This past week while working in our “**Rutland, VT store**”:http://www.smalldog.com/rutland I had two customer interactions that brought an interesting subject light when talking about iPads. We have seen over the last two years or so there has been a slight drop in the number of iPads sales in comparison to when they first hit the market back in in April of 2010 and a lot has changed since then. There are more tablets out there than ever before including ones that run Android, Windows, Kindle and more.

    The draw away from Apple for some customers is that in many cases the same Apps and functions you can do on an iPad can be done on a another device and for less money. It’s easy to be persuaded by these draws and overlook some some other key aspects. What makes Apple stand apart is often pushed aside temporarily when comparing these products. With Apple everything is designed to work together. iCloud can sync all your information across multiples devices, from your iPad to iPhone to your computer. “**Handoff**”:https://support.apple.com/kb/PH18754?locale=en_US allows you to start a project on your iPad and then with a quick tab, pick up that project on your computer. Wanting to show your friends the pictures from your weekend trip to the mountains? With photo stream it doesn’t matter what Apple device you’ve picked up, your photos will be there. Have a great home video of your child or grandchild and just have to show everyone who came to Friday night dinner? No problem. With the Apple TV you can airplay that video and save yourself from passing your phone around the room for everyone to see. Another benefit? Apple devices last a long time! I have been using the original iPad mini for four years now and each week I interact with customers who are also using iPads that are two or three years old with no issues.

    In addition to all the integration, we’ve seen price drops for the iPads over the last several years as well. No longer do you need to spend $500 or more for an iPad. You can get an “**iPad Mini 2**”:http://www.smalldog.com/product/84491/ipad-mini-2-16gb-space-gray starting at **$269** and “**iPad Air**”:http://www.smalldog.com/product/86240/ipad-air-16gb-wi-fi-silver for **$399**. So the next time your considering tablet options, take a few moments to consider that while Apple isn’t the only game in town anymore, it’s still the leader of the pack!