Hackers keep getting prompting me for a code on authenticator

hi Ketchupp​  You’re exactly right about what’s happening this is a known tactic called “MFA fatigue” or “push bombing.” Attackers already have your password (often from leaks) and keep trying to sign in, hoping you’ll accidentally approve a prompt in the Microsoft Authenticator.

The good news: they’re not getting in unless you approve it but you should still lock this down.

What you should do right away

Change your password (strong + unique)

• Make sure it’s not reused anywhere else

Enable “number matching” in Authenticator

• This is critical it forces you to enter a number shown on the login screen
• Prevents accidental approvals

Remove password sign-in (if possible)

• Turn on passwordless sign-in in your Microsoft account
• This blocks attackers who only have your password
• Strengthen your security

Check your sign-in activity

• Look for unfamiliar locations/devices
• Remove anything suspicious

Add another verification method

• Backup email or phone (in case you lose access)

Sign out of all sessions

Forces re-authentication everywhere

About blocking locations (your question)

Yes ,blocking unusual locations does help, but:

For work accounts, admins can enforce this via Microsoft Entra ID (Conditional Access policies)

For personal accounts, you don’t get full geo-blocking controls

So the best protection for personal use is:

Strong password

MFA with number matching

Passwordless sign-in

Important reminder

Never approve: Random prompts and Requests you didn’t initiate

If you keep getting them, it’s a signal your password is already exposed somewhere.