Forum Discussion

Ketchupp
Copper Contributor
Mar 21, 2026

Hackers keep prompting me for a code on authenticator

Hello,

I'm noticing that I get a random prompt for a code on the Authenticator app whose location appears to be in the Netherlands. I'm under the impression that these hackers just try logging into numerous accounts hoping that their victims will unknowingly push on a confirmation number and let them in. Is there a way to help prevent this? I would imagine that preventing logins based on unusual locations would help stop it but would like to hear your take.

Thanks!

2 Replies

  • Ketchupp wrote:

    Is there a way to help prevent this? 

    Yes. Create a Login Only Alias and disable Sign-In for your current email address. Then, if all the Bad Guys have is your old email alias, they get "This username has been turned-off for sign in" at the very first step of the logon process and cannot continue.

    See the answer by "Hornblower409 Feb 27, 2026" in
    https://learn.microsoft.com/en-us/answers/questions/5789093/i-get-a-few-2fa-notifications-from-canada-daily-us

  • Hi Ketchupp, you’re exactly right about what’s happening: this is a known tactic called “MFA fatigue” or “push bombing.” Attackers already have your password (often from leaks) and keep trying to sign in, hoping you’ll accidentally approve a prompt in the Microsoft Authenticator.

    The good news: they’re not getting in unless you approve it, but you should still lock this down.

    What you should do right away

    Change your password (strong + unique)

    • Make sure it’s not reused anywhere else

    Enable “number matching” in Authenticator

    • This is critical: it forces you to enter a number shown on the login screen
    • Prevents accidental approvals

    Remove password sign-in (if possible)

    • Turn on passwordless sign-in in your Microsoft account
    • This blocks attackers who only have your password
    • Strengthen your security

    Check your sign-in activity

    • Look for unfamiliar locations/devices
    • Remove anything suspicious

    Add another verification method

    • Backup email or phone (in case you lose access)

    Sign out of all sessions

    • Forces re-authentication everywhere

    About blocking locations (your question)

    Yes, blocking unusual locations does help, but:

    • For work accounts, admins can enforce this via Microsoft Entra ID (Conditional Access policies)
    • For personal accounts, you don’t get full geo-blocking controls

    So the best protection for personal use is:

    • Strong password
    • MFA with number matching
    • Passwordless sign-in

    Important reminder

    Never approve random prompts or requests you didn’t initiate.

    If you keep getting them, it’s a signal your password is already exposed somewhere.
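
For administrators of work accounts, the push-bombing pattern described in this thread can be detected from sign-in records. The following is an added example, not part of the thread or any Microsoft tooling: it flags an account that receives a burst of unapproved MFA prompts and escalates when an approval lands on that burst. The event format, account names, window and threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format (not a real Entra ID
# log schema): (ISO timestamp, account, sign-in country, MFA outcome)
SAMPLE_EVENTS = [
    ("2026-03-21T02:10:00", "user@example.com", "NL", "timeout"),
    ("2026-03-21T02:11:30", "user@example.com", "NL", "denied"),
    ("2026-03-21T02:13:05", "user@example.com", "NL", "timeout"),
    ("2026-03-21T02:14:40", "user@example.com", "NL", "approved"),
    ("2026-03-21T08:00:00", "other@example.com", "US", "approved"),
    ("2026-03-21T09:00:00", "other@example.com", "US", "timeout"),
]


def detect_push_bombing(events, window=timedelta(minutes=10), threshold=3):
    """Return alerts for accounts with >= threshold unapproved MFA prompts
    inside `window`; an approval that lands on such a burst is escalated."""
    recent = defaultdict(deque)  # account -> timestamps of unapproved prompts
    alerts = []
    for ts, account, country, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        prompts = recent[account]
        # Drop prompts that have aged out of the sliding window.
        while prompts and when - prompts[0] > window:
            prompts.popleft()
        if outcome in ("denied", "timeout"):
            prompts.append(when)
            if len(prompts) == threshold:  # alert once per burst
                alerts.append((account, country, "burst", ts))
        elif outcome == "approved" and len(prompts) >= threshold:
            # An approval right after a burst may be an accidental approval.
            alerts.append((account, country, "approved_after_burst", ts))
            prompts.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_EVENTS):
        print(alert)
```

An "approved_after_burst" alert is the case that warrants revoking sessions and resetting the password, since it may mean a prompt was approved by mistake.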