Forum Discussion
Hackers keep prompting me for a code on authenticator
Hi Ketchupp,
TL;DR: rotate the password to something brand new, add a passkey, and the spam dies off on its own.
You've nailed the diagnosis: this is MFA push fatigue. They have your password from somewhere (have you checked haveibeenpwned.com?), almost always an old third-party breach, and they're hoping you'll tap Approve on autopilot. The Netherlands location is just where their VPN/proxy exits, not actually where they are.
Speaking from experience, I was personally banned/revoked from MCT itself, which came as a surprise email to me, only to realize my account password was exposed in a 3rd-party breach, which later got them access to my account and training licenses, which were misused. Target, maybe.
A few things on top of what's already been said here:
The fact that you're getting a number prompt and not a Yes or No tap means number matching is already on (Microsoft made that mandatory, I suppose, in 2023), so the "accidentally approve" risk is mostly closed.
The single highest-leverage move is adding a passkey to your account (account.microsoft.com > Security > Advanced > Add a sign-in method > Passkey), then turning on Passwordless account. That removes the password from the auth equation entirely, and the push spam stops within a day or two because there's nothing for the attacker's stolen password to match. And on the passkey: if you are buying security keys like a YubiKey, you might as well get two.
Take a look at your sign-in activity at account.live.com/activity and confirm none of those Netherlands attempts actually succeeded.
On geo-blocking: you're right that it would help, but Microsoft only exposes that control for work or school accounts via Entra Conditional Access. For personal accounts there's no equivalent toggle. Your personal stance should be that strong auth (passkey and number-matching MFA) is the protection, not geo-restriction, because consumer geofencing locks people out when they travel or use a VPN.
In fact, I am writing this response after 3 years, after getting access back, at least for now, to the lounge.
Cheers,
Decipher Punk