TL;DR
A user logged into the wrong account because their authenticator app was showing codes for a different account. This usually happens when they’ve added multiple accounts to the same authenticator app, or if an account recovery process went wrong. To fix it, remove the incorrect entry from the authenticator app and re-add the correct one. To prevent this, use separate authenticator apps for important accounts, and carefully verify QR codes during setup.
What Happened?
When you enable two-factor authentication (2FA) with an authenticator app (like Google Authenticator, Authy, or Microsoft Authenticator), the service hands the app a shared secret, usually as a QR code, and the app generates time-based one-time passwords (TOTP) from that secret. Each entry in the app has its own secret, so its codes are valid only for that one account. If a user adds multiple accounts to the same authenticator app, it is easy to read a code from one entry while logging into another account, and that code will not be accepted.
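To show why codes from one entry are useless for another, here is an added example (not from the original page) that parses the otpauth:// URI a setup QR code carries and computes RFC 6238 TOTP codes for two constructed accounts; the issuer names, labels and the mail secret are made up, while the bank secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri):
    """Parse the otpauth:// URI a 2FA setup QR code encodes into
    (issuer, label, base32_secret); the label is what the app displays."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(parsed.path.lstrip("/"))
    params = parse_qs(parsed.query)
    issuer = params.get("issuer", [label.split(":")[0]])[0]
    return issuer, label, params["secret"][0]


def totp(base32_secret, at_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for one secret at a Unix timestamp."""
    secret = base32_secret.upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(base32_secret, code, at_time=None, window=1):
    """Server-side check: accept the code for the current step +/- window."""
    now = time.time() if at_time is None else at_time
    return any(hmac.compare_digest(totp(base32_secret, now + k * 30), code)
               for k in range(-window, window + 1))


# Constructed sample QR payloads for two accounts. The bank secret is the
# RFC 6238 test key, so its codes can be checked against the RFC's vectors.
MAIL_URI = ("otpauth://totp/ExampleMail:alice%40example.com"
            "?secret=JBSWY3DPEHPK3PXP&issuer=ExampleMail")
BANK_URI = ("otpauth://totp/ExampleBank:alice"
            "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleBank")

if __name__ == "__main__":
    t = 1111111109
    mail_secret, bank_secret = parse_otpauth(MAIL_URI)[2], parse_otpauth(BANK_URI)[2]
    print("mail code", totp(mail_secret, t), "bank code", totp(bank_secret, t))
    # A mail-entry code is rejected by the bank: codes belong to a secret, not a device.
    print("bank accepts mail code:", verify(bank_secret, totp(mail_secret, t), t))
```

Removing an entry from the app only deletes a secret; the service still holds its copy, which is why the correct account must be re-enrolled with a fresh QR code rather than guessed at.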
How to Fix It
- Identify the Incorrect Account: Ask the user which account they were trying to log into and which account the authenticator app codes are currently showing for.
- Remove the Wrong Entry from the Authenticator App: The process varies slightly depending on the app:
  - Google Authenticator: Open Google Authenticator, tap and hold the incorrect account entry, then select ‘Remove’.
  - Authy: Open Authy, find the incorrect account, swipe left on it, and tap ‘Delete’.
  - Microsoft Authenticator: Open Microsoft Authenticator, tap the three dots next to the incorrect account, then select ‘Remove Account’.
- Re-add the Correct Account: This is crucial. The user needs to re-enable 2FA for the correct account and scan the new QR code provided by the service.
  - The service will usually provide a QR code during the setup process. Use the authenticator app to scan this code.
  - Make sure the account name displayed in the authenticator app is accurate after adding it.
- Verify Functionality: After re-adding, test logging into the correct account with a newly generated code from the authenticator app.
Preventing This in the Future
- Use Separate Authenticator Apps (Recommended): For high-security accounts (email, banking), consider using a dedicated authenticator app for each account. This eliminates the risk of mixing up codes.
- Carefully Scan QR Codes: Double-check that you are scanning the correct QR code provided by the service during 2FA setup. Avoid taking screenshots of the QR code: it encodes the shared secret itself, so a screenshot that ends up in a photo library or cloud backup gives anyone who obtains it the ability to generate your codes.
- Backup Your Accounts: Most authenticator apps offer backup options (e.g., Authy’s cloud backups). Enable these to recover your accounts if you lose access to your device.
- Recovery Codes: When enabling 2FA, always save the recovery codes provided by the service in a safe place. These are essential for regaining access if you lose access to your authenticator app.
- Account Recovery Processes: Understand the account recovery process for each service *before* enabling 2FA, and check the service’s documentation. Some services have complex recovery procedures that can be difficult if you lose access to your authenticator app and don’t have recovery codes.