What Should You Do about an Authentication Code You DIDN’T Request?

ByEmily Dolloff

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They’re better than nothing.

But what if you receive a 2FA code that you didn’t request?

  1. Don’t panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don’t remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn’t much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it’s using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It’s easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you’re sure you don’t have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don’t ignore 2FA codes you didn’t request for sites where you have an account. It’s not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.

(Featured image based on an original by iStock.com/Kateryna Onyshchuk)

Social Media: Receiving a two-factor authentication code you didn’t request shows that your security is working, but it’s also an indication that someone may have your password and be trying to break into your account.

Similar Posts

  • Back up for the Holidays

    The Holidays are here and I am sure many of your are busy making memories, thinking about others and capturing as many picture-perfect moments that you can. While you’re busy bustling around, are you taking the time to think about these memories? What would happen if you couldn’t go back and look up those moments? Perhaps now is the time to think about a gift for yourself and taking the time to ensure that all of the perfect moments you are capturing on video and in pictures are being safely stored on your computer.

    I know we talk about this all the time, but it’s surprising how many of us out there keep putting this important step of backing up to the side! The Holidays are the time with some of the best memories, and so many of us are capturing once in a lifetime moments. The last thing anyone wants is to have something happen to those photos. There are so many options for backing up your computer and your important files it can be a little overwhelming. There is iCloud, cloud-based storage solutions from countless companies, traditional external hard drives for back up and more! My preferred backup solutions are a combination of cloud backup and physical hard drives. It might seem a little redundant, but better to be safe than sorry when it comes to important documents and memories.

    For me, iCloud and an external hard drive are my preferred options for backing up. I use my iCloud account to keep my daily life in order, contacts and calendars most importantly. I also use iCloud for storing some of my most important memories and files, select baby photos of my kids and some important documents. The kind of things that should the worst case happen and I lost my computer or drives due to theft or fire I still have copies in the cloud. My preference for my backups is using Time Machine and my “**Seagate**”:http://www.smalldog.com/product/85305/seagate-backup-plus-slim-portable-drive-usb-3-0-2tb-blue hard drives. I keep a different drive for each of my computers and perform fairly regular backups, I am not perfect, so sometimes they are not as regular as I would like. But utilizing these drives allows me to ensure that I have entire backups of my files and data readily available. Before I started to use iCloud I would also have back ups drives of my Time Machine back up, yes, I was and am that paranoid about loosing photos of my kids. I still have a small 20gb drive that contains my oldest daughter’s first year of photos, even though I know all the photos are on my computer and backed up I still won’t delete that drive.

    In the last year we have seen a rise in alternative cloud storage and mobile storage solutions. Many companies like “*Seagate*”:http://www.smalldog.com/category/?mmfg%5B0%5D=Seagate and “*LaCie*”:http://www.smalldog.com/category/?mmfg%5B0%5D=LaCie have portable drives that allow users to access information wirelessly while on the go. This is a great solution for families with large media libraries for movies. The “**Lacie Fuel**”:http://www.smalldog.com/product/85520/lacie-fuel-wireless-battery-powered-mobile-hd-wifi-usb-3-0-1tb is great for just this. Have a long road trip? Load up the drive and the family can access the files from their iPhones or iPads quickly and easily without taking up storage on their devices. Another and perhaps more practical solution is the “**Seagate Personal Cloud**”:http://www.smalldog.com/wag900002041/mac-the-halls-save-20-on-seagate-personal-cloud-home-media-storage-3tb. This drive allows you to back up everything on your computer and access it from anywhere! No need to carry that back up drive along with you, and with tons of storage options little worry about not having enough space. So this holiday season remember, backing up is just as important as capturing those memories.

  • Watch Out for PayPal Invoice Phishing Scams

    We’ve seen an uptick in fake invoices from scammers using PayPal. Because they’re being sent through PayPal itself, spam filters won’t catch them,…

  • Airmail for iPhone

    As you may know, I have been using the Airmail mail client for some time and am a big fan of this alternative…