Share via

Receiving continuous Microsoft verification codes without requesting them

اسامه محمد احمد عبدالله مصطفى 0 Reputation points
2026-04-20T19:50:46.13+00:00

Hello,

I am experiencing a security issue with my Microsoft account and would appreciate any guidance.

For several days, I have been receiving repeated verification code messages on my phone number linked to my Microsoft account. These messages are sent daily, sometimes multiple times a day, even though I have not attempted to log in or requested any authentication.

I have already changed my account password, but the issue persists.

This makes me concerned that someone might be trying to access my account.

Has anyone experienced something similar? What additional steps should I take to secure my account and stop these verification messages?

Thank you.

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-04-20T19:51:01.58+00:00

    The repeated verification codes indicate that either someone is repeatedly trying to sign in using the phone/email on the account, someone mistyped their own phone/email and is hitting the account by accident, or delayed codes from earlier requests are arriving.

    Do not respond to or use any verification codes that were not requested. Without those codes, an attacker cannot complete sign-in.

    To secure the account further and reduce these messages:

    1. Enable and use a passwordless sign-in method
      • Set up a passwordless option such as Microsoft Authenticator, Windows Hello, SMS/Email codes, or a physical security key as the primary sign-in method. Going passwordless makes sign-in more secure and can reduce reliance on SMS codes.
      • Follow the guidance in Go passwordless for the Microsoft account or work/school account:
        • Passwordless methods (Windows Hello, Microsoft Authenticator, SMS/Email codes, security keys) provide stronger protection than passwords alone.
    2. Review and update security info
      • Confirm that the phone number and email addresses listed as security info are correct and belong to the account owner.
      • If any phone/email is not recognized, follow the account recovery guidance to secure the account and remove unrecognized info.
    3. Continue to ignore unrequested codes
      • As long as the codes are not entered anywhere, the account remains safe even if someone is trying to access it.

    If codes continue and there is concern about compromise, complete the standard account recovery and security review process for the Microsoft account, then rely on Authenticator or another passwordless method going forward.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.