Skip to main content

I received a Formulayt one-time passcode (OTP) email but I didn't try to log in

Why you might receive an unexpected OTP email and how to secure your account.

Updated over 2 months ago

Understanding unexpected OTP emails and steps to secure your account

Received a one-time passcode (OTP) email from Formulayt when you weren't trying to log in? Don't panic - this can happen for several innocent reasons. This guide explains why this occurs and how to secure your account.

Why did I receive an unexpected OTP email?

There are several common reasons why you might receive an OTP email without actively attempting to log in:

30-day security cookie expiry

  • Security cookies expire after 30 days for your protection

  • If you've left Formulayt open in a browser tab or device and the cookie expires

  • The system automatically generates a new cookie on the next page load

  • An OTP email is sent as part of this security refresh

  • This does not always correspond to an actual login attempt

Forgotten logged-in sessions

  • You may have logged in on a device and left the session running

  • Examples: work laptop, home computer, tablet, or mobile device

  • These sessions can trigger OTP requests when the security cookie expires

Legitimate login from an expected location

  • Check the IP address location mentioned in the OTP email

  • If it matches your normal work location or where you typically access Formulayt, it may be from one of your own devices

How to secure your account

If you're certain you didn't attempt to log in, or if you're unsure whether all login activity is yours, follow these steps to secure your account:

1. Change your password

  • Click your user menu in the top right corner of the Formulayt admin area

  • Select "Change password"

  • Choose a strong, unique password you haven't used elsewhere

2. Enable Two-Factor Authentication (2FA)

  • From the same user menu, select "Enable 2FA"

  • Follow the setup instructions using Google Authenticator App

  • This adds an additional layer of security beyond just your password

  • To learn more, read the Two-Factor Authentication guide

3. Sign out of all active sessions

  • From your user menu, select "Manage sessions"

  • Review the list of active sessions

  • Click "Sign out all sessions" to end any sessions you don't recognize

  • You'll need to log back in on your current device

Did this answer your question?