How to Fix the Big Problems With Two-Factor and Multifactor Authentication

how to fix 2fa not working

Planning ahead is the best way to ensure you don’t end up locked out of 2FA. Call your wireless carrier, and set a PIN to protect your phone’s plan. This will prevent attackers from porting your number, or “SIM jacking,” in order to intercept authentication codes sent via voice call or SMS message. We don’t recommend using either of these methods for 2FA, but many sites and services will default to phone contact as a means of authentication or account recovery. Each authenticator app handles backups a little differently. Our top pick, Duo Mobile, stores its backup in iCloud or Google Drive, depending on your platform, and it secures its backup with a special password you need to retrieve it.

Fix common issues with 2-Step Verification

Try these solutions in order until you can receive verification messages. The bottom line is that phone numbers can be assigned to more than one person. Attackers (or accidents) can separate phones from their owners. And so for many reasons, 2FA or MFA that includes texting is far less secure than many other methods. Within one week they found roughly 10% of them receiving privacy or security related messages directed at the previous owners. Princeton University researchers sampled 259 phone numbers offered by two U.S. wireless carriers.

If you have another second step

Some backup codes are intended to be used in place of codes generated by authenticator apps. Other sites, like X (Twitter) and Google, have a dedicated interface for entering backup codes. When you log in to X, you’ll be given the option to use a second factor or enter a backup code.

How to Fix Twitter 2FA Not Working

Cyber criminals can intercept texts using any number of specialized wireless systems. Attackers can trick, blackmail or bribe phone company employees into transferring phone numbers to a cyber criminal’s SIM card (called SIM swapping). Hence, if you don’t have any blocked numbers but you still can’t receive codes, the error is caused on Twitter’s end. Some services that offer “family plans” allow other members to make changes to the plan or even re-authenticate people. If you’re locked out of a family plan, check with those people as well. Max Eddy is a writer who has covered privacy and security—including password managers, VPNs, security keys, and more—for over a decade.

It’s bad enough that texting and smartphones are insecure methods, but usernames and passwords are, too. Far too many users use weak passwords that they reuse for multiple sites, and threat actors steal far too many of these and make them available on the dark web for other cyber criminals. It turns out that threat actors can figure out which phone numbers on wireless providers’ websites are ‘recycled’ numbers — once used but now abandoned.

  1. If you turn off the security feature, you must also update the services you previously configured with an app password to use the traditional authentication method (password).
  2. And then look to see what other MFA options are available and if you’ve enabled them.
  3. If you’re locked out of a family plan, check with those people as well.
  4. Other sites, like X (Twitter) and Google, have a dedicated interface for entering backup codes.

So if you’ve also lost your password, you may be out of luck. After you complete the steps, when logging in from an unrecognized device, you will receive an alert on the phone to confirm access to the account. Getting a second opinion is a great idea in both medicine and end-user cybersecurity. Two-factor authentication (2FA) and multifactor authentication (MFA) are powerful tools in the fight against all kinds of cyberattacks that involve end-user devices and internet-based services. If the website still doesn’t accept the code your app is generating, don’t panic!

A security key, passkey, or Google’s push notification verification are good choices. Protecting your accounts with 2FA is a good idea, but things can go awry. What happens if your phone dies and your authenticator app can’t generate codes? You won’t be able to access your accounts unless you find another way to log in—or use a site’s recovery tools.

Apple has also rolled out new security features, to prevent iPhone thieves from hijacking your Apple ID. Secure your primary email accounts with 2FA and recovery options. Google and Apple accounts can use trusted devices to authenticate your accounts. When you’re logging in with your Apple ID, Apple may send a verification message to other devices where you’re already logged in, or the device itself can generate a code. Similarly, Google has the option to send push notifications to devices where you’re logged in with your Google account that will authorize a new login. If you’re locked out of one of these accounts, check your old devices.

Google Authenticator, meanwhile, is attached to your Google Account and can sync accounts across devices. Many 2FA and account-recovery systems rely on having access to a trusted mobile device. So keeping your iPhone or Android safe also helps to protect all of your other accounts. To guard against attacks and theft, most modern phones have built-in protections that are tied to accounts registered with the manufacturer. If you have a Windows PC, be sure to do the same with your Microsoft account.

how to fix 2fa not working

Because Fortnite is so well-liked, hackers are constantly attempting to access your account and steal your favorite skins, therefore turning on 2FA is essential for preventing intrusion. 2-factor authentication on Twitter adds an extra layer of security to your account. If you have to start working through the account-recovery process, be on guard for phishing attempts. Scammers know that desperation and urgency work to their advantage, so stick to the recovery mechanisms provided directly by the sites you have accounts with.

In his free time, Lim plays multiple games like Genshin Impact, League of Legends, Counter-Strike, Hearthstone, RuneScape, and many others. He creates guides, walkthroughs, solutions, and more on games that he plays to help other players with their progression. Lim How Wei is the founder of, with 8+ years of experience in Social Media Marketing and 4+ years of experience as an active investor in stocks and cryptocurrencies.

Don’t panic, there are several likely fixes for not receiving verification codes on Android. If you turn off the security feature, you must also update the services you previously configured with an app password to use the traditional authentication method (password). Once you complete the steps, as you access the account, you can complete the security code what are the main technique are price level accounting using one of the contact methods on the account. The next step is to set up two-step authentication on your Microsoft account. However, before proceeding, it is critical to have multiple contact information to prevent getting locked out of the account. If you need to update your security information, use the steps below to continue setting up the feature.

If you use a Microsoft account, you should enable two-step verification to add an extra layer of security, and here’s how. In the past, people assumed that only the original signer could write their signature the way they do. When we assume that only a real user could have the registered face or fingerprint, that’s a pretty good assumption, too. However, if you lose your phone or text messages aren’t working, you won’t be able to access your account.

Here we show you how, and we tell you what to do if you’ve already lost access to your account. Once you’ve exhausted all of your options, it’s probably time to begin the account-recovery process. Each site handles this differently, so take a moment to read the support documentation about the process.

Leave a Comment

Your email address will not be published. Required fields are marked *

13 − twelve =

Shopping Cart