Share via

How to address unauthorized sign-in attempts

Anonymous
2023-06-23T19:57:34+00:00

There really wasn't a good category to post this in. So, I just went with Outlook.

Over the past couple of months I've been getting several sign-in attempt notifications through the Microsoft Authenticator app a day. Of course, I always deny them. Usually I don't see them until hours later due to the time of the attempts. I changed my password and I always use unique, long, complicated passwords for all my accounts, but that didn't stop the attempts. I'm assuming they somehow got a hold of a session cookie. I've already cleared all my browsers on all my machines. I'm about to do it again just to be safe. Does anyone have any recommendations? Must I have missed a browser?

I'm getting multiple attempts a day from multiple countries throughout North America, South America, and Asia. My current measures seem to be holding for now but it is concerning that my MS account made it on someone's list. My password is plenty complex enough that they shouldn't have been able to crack it and I still have control of my account.

Outlook | Outlook for mobile | Outlook for iOS | For business

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

18 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-07-05T20:59:36+00:00

    Three times this week I’ve had an email sent to me with a “one time code” request. It’s not me doing it and I’ve tried to contact Microsoft regarding it but they make it damn near impossible to do so. If they cared at all about our privacy and security they’d make contacting them a lot easier than it is now.

    I’ve checked the integrity of my account and according to Microsoft there’s no issues found so I’ve no idea what or who is requesting these codes. If you get one of these emails though don’t click on the link or use the code simply delete the email.

    Another measure to take it 2SA, link another one of your email address as your backup and also link your phone number too. That way you’ll still get notified if someone tries to gain unauthorised access as the code will be sent to you not them. Microsoft need to make some changes though in the way we can get help with this.

    Was this answer helpful?

    10+ people found this answer helpful.
    0 comments
  2. Ron-6928 4,991 Reputation points
    2023-06-23T21:27:28+00:00

    It's exhausting changing my password every single day, sometimes even multiple times a day, only to get this happen again the next day, and multiple times throughout the day.

    Why??? They don't even need password to trigger 2FA on your phone.

    See that "Other ways to sign in"? Click/tap it.

    The next window, choose Approve...

    See, no password needed.

    Was this answer helpful?

    10+ people found this answer helpful.
    0 comments
  3. Brian Tillman 25,440 Reputation points Independent Advisor
    2023-06-23T20:34:24+00:00

    Hi. I'm Brian and I will do my best to help you.

    You can't stop the attempts once your address is in the wild, but you can stop the successful attempts, as you have been doing. As long as your password is long, complex and unique (not used for any other service) and you use two-factor authentication, you're protected.

    You might want to check if your address was part of a data breach by visiting https://haveibeenpwned.com/, a web site run by Microsoft MVP Troy Hunt. It is perfectly safe. It will tell you is any address you use (or any password, for that matter) has been part of a data breach. Any data you enter to check is not retained.

    Was this answer helpful?

    7 people found this answer helpful.
    0 comments
  4. Ron-6928 4,991 Reputation points
    2023-06-23T22:28:32+00:00

    You're overthinking it. Passwordless authentication is what it is.

    Was this answer helpful?

    5 people found this answer helpful.
    0 comments
  5. Anonymous
    2023-06-23T21:02:43+00:00

    I don't have a solution -- but wanted to say I'm experiencing the exact same thing.

    I'm aware my email was compromised via data breaches (as shown on haveibeenpwned), but I have no idea how these hackers are guessing my password and triggering the 2FA -- like you, my passwords are plenty long, complex, and not easily guessable.

    If I review attempted sign-in activity via the MS 2FA app, I notice the trend of an IP address incorrectly entering the password, and within the next minute, they must have cracked the password and triggered a 2FA to me, which I deny.

    It's exhausting changing my password every single day, sometimes even multiple times a day, only to get this happen again the next day, and multiple times throughout the day.

    Was this answer helpful?

    5 people found this answer helpful.
    0 comments