What Should You Do about an Authentication Code You DIDN’T Request?

ByEmily Dolloff

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They’re better than nothing.

But what if you receive a 2FA code that you didn’t request?

  1. Don’t panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don’t remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn’t much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it’s using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It’s easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you’re sure you don’t have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don’t ignore 2FA codes you didn’t request for sites where you have an account. It’s not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.

(Featured image based on an original by iStock.com/Kateryna Onyshchuk)

Social Media: Receiving a two-factor authentication code you didn’t request shows that your security is working, but it’s also an indication that someone may have your password and be trying to break into your account.

Similar Posts

  • Hey Siri, What Can You Do?

    So, I am a little embarrassed to admit it but I bought an Amazon Echo to check out how Alexa compares with Siri. I’m a gadget guy so we will see if we find it useful and if not, I am sure I can find it a home on eBay. I use Siri more and more these days. My most common uses are asking her to settle trivia disputes with Grace or setting the timer for 5 minutes. But there is a lot more that Siri can do!

    Make Relationships with Siri
    When you speak Siri commands, you can refer to people by relationship, rather than name. So, if you want to call your father, you can say “call my father” instead of saying “call Bruce Leibowitz.” But to do this, you need to introduce Siri to your family. First, make sure you have a “card” in the Contacts app for yourself, and then go into Settings > Mail, Contacts, Calendars, scroll down to find and tap My Info, and select your card. Next, make sure you have a contact card for your father, and then tell Siri, “Bruce Leibowitz is my father.” Or, if Siri doesn’t hear you correctly, open Contacts, edit your card (not your father’s!), scroll down, tap “add related name,” tap the default relationship to pick “father,” tap the info “i” icon, select your father’s card, and tap Done.

    You can even use Siri to remember other types of relationships. Artie used to bring manure from his uncle’s farm for my garden and ended up with the nickname, “the spreader”. If I tell Siri “Art Hendrickson is my spreader” I can now just say “text my spreader…” and Siri knows who I am talking about. This works for nicknames but also for lawyers, accountants, doctors or any nickname you want to tell Siri about.

    Take a Picture
    Instead of fumbling to launch the Camera app on your iPhone you can just say “take a picture” and Siri will automatically open the Camera app and you can snap away.

    Siri Converts
    Need to know how many millimeters are in 4 inches? Just ask Siri and you will find that there are 101.6 mm in 4 inches. This works for currency exchange rates, too. Ask Siri how many Euros are equal to $100US you will find that 87.73 Euros is the exchange rate today. Siri has some other strong calculation features too. You can ask Siri how many calories there are in that fish sandwich or to calculate a 20% tip on your restaurant bill. You can ask her to solve math problems involving fractions and other math functions that will be faster than opening the calculator app and punching in the numbers.

    Settling Up
    Okay you can use Siri to look up baseball stats or other information to settle a dispute but what if you are at loggerheads and just want to get a random answer and don’t have a coin to flip. You can ask Siri to “roll the dice”, “flip a coin” or pick a random number.

    Name that Tune
    Siri is integrated with Shazam to help you figure out what song is playing. Just ask her “what song is playing?” and she will listen and let you know and probably try to sell you the song, too!

    Find that Photo
    Siri can search your photo library for you. I know how frustrating it is if your are like me and have literally thousands of photos. You can say something like “find that photo from Daytona Beach from last March” and Siri will launch Photos and take you right to any photos taken at that place and time.

    Siri Takes You Out
    Siri can make your restaurant reservations for you, too! Tell Siri “make a restaurant reservation for four at 7PM” and she will respond with available restaurants nearby and if you have the Open Table app installed can make the reservation for you or give you the phone number to call.

    Are We There Yet?
    If you are using your iPhone for navigation you can just say “ETA” and Siri will let you know how much longer you are gonna be on the road.

    Leave Me Alone
    Siri can do a lot for you but sometimes you just want alone time. You can tell Siri to turn on “do not disturb” and you will not be bothered. Or tell her to “turn on airplane mode” and she will turn off Wi-Fi and cellular signals.

  • Next week I will be on the road so it will be fun to see how Emily handles the Apple quarterly results that are going to be announced on Tuesday. I guess I’d better write that up in my hotel room from the road.

    Last year, most of our plants suffered while we were gone. Between the lack of water and the chickens we had to do a lot of work to get them back. I installed a nice drip irrigation system this year but we will still have chicken invasions. For those of you that don’t know, Key West protects wild chickens and they are everywhere. That must be why Grace loves Key West so much!

    Thank you so much for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily, Hadley & Amy_