How to block bad actors who are trying to hack my account?

Illia 20 Reputation points
2026-05-03T10:58:51.8666667+00:00

I am constantly receiving 2FA sign-in requests when I open Microsoft Authenticator. Somebody has been trying to get into my account for the last half year. I can see that somebody is trying to log in from different locations. I've changed the password several times, but it doesn't help. What else can I do to stop them?

Microsoft Security | Microsoft Authenticator

Answer accepted by question author

Nathan Roberts (SN) 11,376 Reputation points Volunteer Moderator
2026-05-03T13:32:04.08+00:00

Hey there, Illia

What you are describing, with the constant 2FA requests, suggests that automated bots are trying to access your account using a method known as credential stuffing.

This is where attackers will generally use sign-in information, such as email addresses and passwords, that has been obtained online. They generally place the email address in a bot that will constantly inject the username and passwords into the login box to try and gain access to the account.

This is why you are receiving multiple requests to sign into your account. While this doesn't mean your account has been compromised, the attacker is hoping you will accidentally click yes to sign in on their request, especially if you are trying to sign in too and are expecting a request to come through on the authenticator app.

Changing your password doesn't stop these attempts because the bot that is behind this isn't reacting to your password change. All it is doing is running through a list of leaked passwords automatically, putting each one into the password box.

To reduce or stop these attempts, make sure you’re using a strong, unique password and keep MFA enabled as this prevents the attacker from getting in.

If the constant MFA prompts are disruptive, one effective option is to change your Microsoft account’s primary alias (your sign‑in email). You can optionally delete the old alias once the new one is set as primary. This prevents bots from continuing to trigger MFA prompts using the old sign‑in address. Changing your primary alias doesn’t delete your mailbox or emails, it only changes the address you use to sign in.

To change this on Microsoft personal accounts, please sign into your Microsoft account here: https://account.live.com/names/manage

Once you have signed into your account, you can add an email address to use when signing into your Microsoft account. You can then click onto the link to change sign in preferences and select the new email you have added and de-select the previous email.

If this is a work account, you would need to change this through the Microsoft Entra admin portal here: https://entra.microsoft.com

You, or your admin, will need to click onto your account and change your username for your email address. However, when doing this, you would need to inform contacts of this change and update any sites that use your email address for sign in.

You can also check whether your email address has appeared in a known data breach using a service like "Have I Been Pwned", found here: https://haveibeenpwned.com/

I know this is a long-winded post, but I do hope the information in this post is helpful,
Nathan

2 people found this answer helpful.

2 additional answers

  1. David Mobolaji Abiodun 0 Reputation points
    2026-05-03T13:54:08.2+00:00

    The easiest way is to change your password. I would advise using a password manager so the password selected can be totally random. Increase the character count to increase security.

  2. AI answer

    2026-05-03T10:59:04.4933333+00:00

    To reduce or stop repeated malicious sign-in attempts while keeping the account secure, take these steps:

    1. Strengthen sign-in security
      • Keep a strong, unique password and do not reuse it on other sites.
      • Ensure two-step verification (multi-factor authentication) stays enabled so attackers cannot get in even if they guess the password.
    2. Review recent sign-in activity
      • For a personal Microsoft account, review the Recent activity page as described in the unusual sign-in guidance. Confirm which sign-ins are not yours and mark them as such. This helps Microsoft’s systems better detect and block suspicious attempts.
      • For a work or school account, use My Sign-ins to review successful and unsuccessful sign-ins. If there are unfamiliar successful sign-ins, immediately change the password and update security info. If there are many unsuccessful attempts, that indicates someone is trying to guess the password; keeping two-step verification enabled is the main protection.
    3. Respond to unusual sign-in alerts
      • When Microsoft detects sign-ins from new locations or devices, it sends alerts to alternate contact methods and requires a security code. Always verify these alerts and only approve sign-ins that are actually initiated.
      • If any alert or sign-in looks unfamiliar, change the password and review security info right away.
    4. Check and update security info
      • Make sure all phone numbers, alternate emails, and authentication methods listed in the account’s security settings are recognized and under control.
      • Remove any methods that are not recognized.
    5. Understand that repeated failed attempts may continue
      • Attackers can keep trying passwords from their own systems; these attempts cannot be fully “blocked” at the source by the account owner.
      • Microsoft’s systems automatically assess sign-in trustworthiness and can temporarily block or challenge suspicious attempts with extra verification.
    6. If sign-in blocks or “Try another verification method” appear
      • Follow the guidance for account blocks:
        • Try another verification method (for example, alternate email instead of SMS, or vice versa).
        • Try another network (switch between Wi‑Fi and cellular, or use a different Wi‑Fi network).
        • Wait without repeated attempts if a temporary block is in place, as repeated attempts can extend the block.

    These steps do not stop attackers from trying, but they ensure they cannot successfully access the account and help Microsoft’s protection systems better detect and limit suspicious activity.


    AI-generated content may be incorrect. Read our transparency notes for more information.
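
The sign-in review described in the answers above, written as a small triage script. This is an added example, not part of any answer in this thread and not Microsoft code. The sample records, field names, result values, familiar-country lists and the threshold are all constructed assumptions, not the schema of any Microsoft export.

```python
from collections import defaultdict

# Constructed sample sign-in records. Field names and result values are
# hypothetical, not the schema of any Microsoft export.
SAMPLE_EVENTS = [
    {"account": "owner@example.com", "ip": "198.51.100.7",  "country": "UA", "result": "success"},
    {"account": "owner@example.com", "ip": "203.0.113.10",  "country": "BR", "result": "bad_password"},
    {"account": "owner@example.com", "ip": "203.0.113.77",  "country": "VN", "result": "bad_password"},
    {"account": "owner@example.com", "ip": "192.0.2.45",    "country": "RU", "result": "mfa_not_approved"},
    {"account": "owner@example.com", "ip": "192.0.2.99",    "country": "ID", "result": "bad_password"},
    {"account": "other@example.com", "ip": "203.0.113.200", "country": "US", "result": "success"},
]

def triage(events, known_countries, threshold=3):
    """Summarise each account's sign-ins the way the review step describes."""
    stats = defaultdict(lambda: {"blocked": 0, "prompts": 0, "sources": set(), "bad_success": []})
    for ev in events:
        s = stats[ev["account"]]
        familiar = ev["country"] in known_countries.get(ev["account"], set())
        if ev["result"] == "success":
            if not familiar:
                s["bad_success"].append(ev["ip"])
        elif not familiar:  # the owner's own typos from a familiar place are ignored
            s["blocked"] += 1
            s["sources"].add(ev["ip"])
            if ev["result"] == "mfa_not_approved":
                s["prompts"] += 1
    report = {}
    for account, s in stats.items():
        if s["bad_success"]:
            verdict = "unfamiliar-success"  # change password, review security info
        elif s["blocked"] >= threshold:
            verdict = "attack-blocked"      # attempts continue but none succeeded
        else:
            verdict = "normal"
        report[account] = {"verdict": verdict, "blocked": s["blocked"],
                           "prompts": s["prompts"], "sources": len(s["sources"])}
    return report

# Assumed list of places each owner normally signs in from (constructed).
KNOWN = {"owner@example.com": {"UA"}, "other@example.com": {"DE"}}
REPORT = triage(SAMPLE_EVENTS, KNOWN)

if __name__ == "__main__":
    for account, summary in REPORT.items():
        print(account, summary)
```

Many blocked attempts from many sources with no unfamiliar success is the situation in the question: noisy, but the password and MFA are holding. A single unfamiliar success is the case that calls for an immediate password change and a security info review.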
