I keep getting multiple Authenticator notifications of someone trying to login to my account…it happens multiple times a day, everyday. How do I stop this?

Question

I keep getting multiple Authenticator notifications of someone trying to login to my account…it happens multiple times a day, everyday. How do I stop this?

Answer 1

For detailed instructions on how to setup a Login Only Alias and disable Sign-In for your current email address:

See the answer by "Hornblower409  Feb 27, 2026, 9:41 AM" in
https://learn.microsoft.com/en-us/answers/questions/5789093/i-get-a-few-2fa-notifications-from-canada-daily-us

Answer 2

Hi! Sorry to hear about this.

Additionally, you can try changing the sign-in alias for your Microsoft account. You can manage which aliases are allowed to sign in here: https://account.live.com/SignInPreferences

If you don’t currently have another alias available, you can add a new one here: https://account.live.com/names/manage

I recommend not deleting your current alias, just add the new one and set it as the preferred sign-in. This can help improve account security, especially if your email address has been exposed publicly.

Answer 3

Repeated Microsoft Authenticator prompts usually mean someone (or something like a script/app) is repeatedly trying to sign in as that account and is being blocked at the MFA step.

To stop this and secure the account:

1. Do not approve any unexpected prompts
   • Never approve notifications that were not initiated personally.
   • Never read verification codes to anyone who contacts by phone, text, or email.
2. Review recent sign-in activity
   • Go to the Security basics page.
   • Select Review activity and check the Recent activity and Unusual activity sections.
   • For any sign-in that is not recognized:
     • If it is in Unusual activity, expand it and select This wasn’t me.
     • If it is in Recent activity, expand it and select Secure your account.
3. Change the account password
   • From the same Security basics page, select Change password.
   • Set a strong, unique password that is not reused on other sites.
4. Ensure multifactor authentication (MFA) is correctly configured
   • Keep Microsoft Authenticator enabled and working.
   • If SMS or email codes are also configured, consider whether they are still needed; unused or weaker methods can be removed once fully secured.
5. Consider going passwordless
   • To reduce reliance on passwords (which can be guessed, stolen, or phished), switch to passwordless sign-in methods such as Microsoft Authenticator, Windows Hello, SMS/Email codes, or security keys. See Go passwordless for details.
6. If the attempts continue at high volume
   • Treat this as a sustained attack.
   • Continue to deny all prompts and monitor Recent activity regularly.
   • If this is a work or school account, contact the organization’s IT admin so they can review Microsoft Entra sign-in logs and adjust security policies if needed.

As long as unrequested prompts are not approved and verification codes are not shared, the account remains protected, but the steps above help both stop the prompts and harden the account against future attacks.

---

References:

• What happens if there's an unusual sign-in to your account
• Common problems with two-step verification for a work or school account
• Microsoft Authenticator FAQs