A one-time code is a small thing doing an important job: keeping someone who isn't you out of your account. Here's exactly what we do with it — and what we'd never do.
When a business needs to be sure the person signing in is really you, it asks Authifly to send a code. Three things are true of every one we send.
The code proves the person at the keyboard is really you before you're let in — so an account stays yours, not someone else's.
We detect SIM-swaps, recycled and fake numbers, and fraud patterns — so a bad actor can't slip in pretending to be you.
Codes are single-use and expire in minutes. We never store your code or your details — it's sent, checked, and gone.
Verification codes work because only you should ever see yours. Scammers know that — so the trick is almost always to get you to hand the code over. Once you know the pattern, it's easy to spot.
A genuine Authifly code will never ask you to read it out, type it into a chat, or forward it to anyone — not to "support," not to a "courier," not to your "bank." We only ever ask you to enter it yourself, on the screen where you're signing in. Anyone asking you to share a code is trying to get into your account.
If a message points you somewhere to "confirm" or "verify," don't tap the link. Open the business's official app or type its website address yourself, and act there. A code on its own is harmless — it's only dangerous if someone talks you into giving it away.
If a code arrives out of the blue, you don't need to do anything. It's useless to anyone without your device, and it expires on its own in minutes. If they keep coming, it usually means someone is trying your details on a login — a good moment to change that password.
You never have to act on a code you weren't expecting. Walk through what it means, and if you're still unsure, reach the business directly — through its official app or website, not a number from the message.
Yes — as long as you enter it yourself, on the screen where you started signing in or creating an account. That's exactly what a code is for. The only unsafe thing is reading it out or sending it to someone else, so never do that, no matter who asks.
Not on its own. A code only lets someone in if they already have your password and you also hand them the code. That's why scammers try to talk you into sharing it. Keep the code to yourself and it does its job: it keeps anyone who isn't you out.
You don't need to do anything. An unrequested code can't be used by anyone without your device, and it expires in minutes. If they keep arriving, it often means someone is trying your details on a login — a good reason to change that account's password.
Bird is the company behind Authifly. It's a trusted communications provider used by tens of thousands of businesses worldwide to send messages safely. When a business uses Authifly to confirm it's really you, that verification runs on Bird's network.