Two Factor Authentication has only ONE factor: YOU

Read time: 2 minutes

What's a 2FA (Two Factor Authentication) code?

• You're logging in to your account.
• The program sends you a 2FA code to prove it's really you.
• You enter the 2FA code to finish your login.
• (This is the only proper use of a 2FA code: to finish a login YOU started.)

Scammers want to trick you into revealing your 2FA code.

• Scammer goes to a website, such as a bank, and pretends to be you.
• Scammer either knows or guesses your username / email.
• Scammer might know your password (from phishing), or simply click the "forgot password" link on login page.
• Now the scammer's screen says "enter the 2FA code we just sent you".

If the scammer can trick you into revealing your 2FA code, the scammer is in and you're out of your own account! Here's how a scammer steals your 2FA code:

• You get an urgent call or message. "This is your bank. We found suspicious activity in your account. Contact us immediately!".
• In a panic, you contact the provided number.
• "First, we need to verify that it's really you."
• "We sent you a code to secure your account. Read it back to us."

The three early warning signs of a scam are clearly visible. Can you see them?

1. You're in dialog ...

2. ... which you did not start ...

3. ... and the topic turns to money (or anything valuable) …

It's a scam!

Let's take a closer look:

1. You're in a dialog ...

An unexpected message or call urges you to "contact us". You're pressured to act immediately without thinking.

2. ... which you did not start ...

An imposter contacted you.

3. ... and the topic turns to money (or anything valuable) …

A 2FA code is extremely valuable! It's the final barrier to full and instant access. Give away your 2FA code and you just gave away your account to a scammer..

We could talk about complicated methods to scientifically determine the source of a phone call, etc. But there's no need. You already have the three early warning signs of a scam:

1. You’re in a dialog ...

2. … which you did not start ...

3. … and the topic turns to something valuable (login credentials) ...

It's a scam!

There are a lot of scammers nowadays. Let's make their lives more difficult and less profitable, by recognizing the early warning signs of a scam. 

2FA codes serve one purpose only: they complete a login that YOU started. If you did not start the dialog, and someone wants your 2FA code, it's a scam. Don't let anyone pressure you into sharing your 2FA code. If you're worried about suspicious activity in your account, start a brand-new login dialogue on YOUR terms, not the scammer's.

Don't get scammed! Get a second opinion: fast, secure, easy, confidential, free! Contact ScamAvoid on (we're everywhere: Facebook, X (formerly Twitter), Instagram, ScamAvoid.com, email, etc.)