888-813-5558
support@cranstoninc.com
Colored Cranston It Logo
Home
About Us
Services
Managed Services App Development Apple Integration Services Cyber Insurance
Blog
Get Started
Support Portal
Recent Articles
Things You Need to Know Before Moving to a New iPhone
September 17, 2023
What Should You Do about an Authentication Code You DIDN'T Request?
September 16, 2023
Protect Your Tech from Storms
September 14, 2023
Why Hiring a Mac Consultant in Pittsburgh is Your Key to Success
August 23, 2023
Web Workers of the World, Give Arc a Try
August 12, 2023
Legitimately Worried That You're Being Targeted Online? Try Lockdown Mode
August 12, 2023
"Juice Jacking" Returns to the News but Still Hasn't Happened
August 12, 2023
Why Outsourcing IT Services Makes Sense: Cost Savings and Expertise
July 27, 2023
Meet Tori Woods
July 17, 2023
Learn to Identify and Eliminate Phishing Notifications
July 17, 2023
Improve Privacy by Removing Metadata from Office Documents and PDFs
July 17, 2023
What to Look for in Small Business IT Consulting
June 28, 2023
What to Do If You’re a Mac User Who Needs Some Windows Software
June 12, 2023
Apple Starts Releasing Rapid Security Responses for the iPhone, iPad, and Mac
June 12, 2023
Apple Unveils Vision Pro "Spatial Computer"
June 10, 2023
Managing Cyber Risk: Essential Cybersecurity and Cyber Insurance Insights
May 18, 2023
Sidestep MacBook Optimized Battery Charging When Necessary
May 18, 2023
CranstonIT’s New Self Service
May 17, 2023
How Often Should Macs Be Replaced?
April 18, 2023
What to Do If Your iPhone Takes a Plunge
April 18, 2023
Integrate Your Cloud Storage Service into the Finder
April 18, 2023
Is Your Wi-Fi Network a Security Risk?
March 16, 2023
A Practical Guide to Identifying Phishing Emails
March 16, 2023
Hyland Software – Streamlined Apple Deployment in Enterprise
September 21, 2022
Avient – Enterprise Grade Apple Support in a Windows Environment
September 9, 2022
How The Bible Chapel's IT Prayers Were Answered
March 10, 2022
Your Top Questions on Adding Apple IT Support in a Predominantly Microsoft Environment
March 10, 2022
Apple and the Enterprise: The Time is Now
November 16, 2021
Keeping up? Create custom apps to automate tedious business processes
May 27, 2021
Backed by quality computer support, êlizur redefines the markets it helps
May 27, 2021
Keeping up? Integrate Slack into your FileMaker App for Instant Notifications
May 27, 2021
Patete Kitchen and Bath Design Center thrives with reliable Computer Support
May 27, 2021
Gymkhana Gymnastics sticks its landing with FileMaker, Apple and Cranston IT
May 27, 2021
September 16, 2023

What Should You Do about an Authentication Code You DIDN'T Request?

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it's always best to get such codes from an authentication app like 1Password (which enters codes for you), Authy, or Google Authenticator, many websites still send codes by the less secure SMS text message or email. They're better than nothing.

But what if you receive a 2FA code that you didn't request?

  1. Don't panic. Although receiving the code means that someone is trying to log in to your account and has your password, the extra authentication step has done its job and protected your account from being compromised.
  2. Never share an authentication code with anyone! A hacker could attempt to break into your account, be foiled by two-factor authentication, and then email or text you with a trumped-up story about why you should send them the code. Authentication codes are short-lived, so if this is going to happen, it will happen right away.
  3. Independently from the message with the code, go to the account website, log in, and change the password. As always, make sure the password is strong, unique, and stored in your password manager. If the account used an old password that was shared with other accounts, change passwords on those accounts as well.

There are a handful of scenarios that could generate such an authentication code:

  • Stolen credentials: The most likely scenario, which the advice above addresses, is when your email address and password have been stolen, probably in a significant site breach. You can check the Have I Been Pwned site to see if your account is floating around on the “dark Web.” Password managers often perform similar checks. Changing the password on any breached sites is essential.
  • Identity theft: You started receiving authentication codes from TikTok, but you don't remember creating a TikTok account. Someone might be trying to create an account to impersonate you but cannot complete the account creation without the authentication code. There isn't much you can do to stop such attempts, although if an account has been created, you should be able to change the password (since it's using your email address or phone number), log in, and either just let the account sit in your password manager or try to delete it.
  • Accidental or random triggering: If you have a common email address or phone number, someone could have accidentally entered your address or number instead of theirs while trying to create an account. It's easy to type marsha32@example.com instead of marsha23@example.com or mistake the Boston 617 area code for the upstate New York 607 area code. If you're sure you don't have an account at the site in question and you only get one authentication code, you can probably ignore it.

Regardless of the cause, don't ignore 2FA codes you didn't request for sites where you have an account. It's not hard to change a password, particularly if you use a password manager, and the extra piece of mind is worth the few minutes of work.