What do I say to request the Real Authenticator code?

Say exactly: 'Give me your Real Authenticator code.' That's it. Any genuine family member or colleague will know what this means and can read you a 6-digit code within seconds. If the caller doesn't know what Real Authenticator is, that itself is a signal — but verification still fails without a matching code.

What if the caller says they don't have the app?

Tell them you'll call them back on their known number. If it's a real emergency, they will wait 60 seconds while you verify. If they insist you act now without verification, that is a definitive red flag of a scam. Hang up and call the person on their number that you already have saved in your contacts.

Can a scammer guess or intercept the Real Authenticator code?

No. The TOTP code is derived from a secret stored in your device's Secure Enclave and the current time. It rotates every 30 seconds. There is no central server. The code cannot be guessed (1 in 1,000,000 odds per attempt), intercepted in transit (it's spoken verbally), or derived without physical access to the enrolled device.

Does this work over text message or video call?

Yes. Real Authenticator works over any channel. If you receive a suspicious text, you can call the person back and ask for the code. If you're on a video call and feel uncertain, you can ask for the code verbally. The code works regardless of how the communication channel is being used or manipulated.

How to Verify Someone Over the Phone in 10 Seconds (Without Getting Scammed)

The Verification Protocol — Step by Step

01
A call arrives
Someone calls asking for money, personal information, or an unusual action — even if the number looks familiar, even if the voice sounds right.
02
Say the four words
“Give me your Real Authenticator code.”
03
Open Real Authenticator
While they retrieve their code, open Real Authenticator on your phone. Find your connection with this person. You'll see a 6-digit code with a 30-second timer.
04
Compare the numbers
The caller reads their code. You see yours. Both codes are derived from the same shared secret + current time — so they match if and only if the caller has physical possession of their enrolled device.
05
Act on the result
Codes match → identity confirmed. Codes don't match, or caller can't provide one → not verified. Hang up.

Why This Works Against AI Voice Clones

AI voice cloning creates a perfect audio replica of a person's voice. What it cannot create is a valid TOTP code derived from a secret stored in that person's physical device.

What AI can fake

Voice (perfectly)
Face (real-time video)
Phone number (caller ID spoofing)
Emotional speech patterns

What AI cannot fake

A TOTP code from a physical device
A shared secret in Secure Enclave
Possession of the enrolled phone
The rotating 6-digit output

Handling Common Caller Responses

'What's a Real Authenticator code?'

This person may not have set up the app, or is a scammer. Say you'll call them back on their known number. Do not proceed.

'I don't have time for this, it's an emergency!'

Urgency is the primary tool of every scam. Real emergencies can wait 10 seconds. Hang up and call back on the number you have saved.

'The code isn't working, just trust me'

Never. Hang up. Call back. If the person is real they will understand the protocol when you explain it.

They read a code that doesn't match

They have the wrong device enrolled or the code is expired. Ask them to try again. If it still doesn't match, treat as unverified.

Set up the protocol before you need it.

Download Real Authenticator, connect with your family, and practice the 10-second verification once. That practice is the difference between a stopped scam and a stolen wire transfer.

Download Free

The Verification Protocol — Step by Step

Why This Works Against AI Voice Clones

Handling Common Caller Responses

Know who you're reallytalking to

Know who you're really
talking to