This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
This started about a month ago where I have had someone who seemingly knows my password attempt to log into my Email with said password and would send a notification to my MFA app (which I promptly decline); I change my password and sometimes not even a day later I get another attempt; I've even changed the password from my mobile device thinking that they have a keylogger on my PC and don't even use the PC to check emails, yet they still somehow know my password and attempt to log in again.
I'm getting tired of creating long intricate passwords only for them to be discovered and having attempts on my account, and I am afraid that if I don't change my password they will attempt to remove my MFA and gain access to my account. What can I do to stop these attacks and gain some peace of mind back?
Managing personal Outlook.com account settings, security, and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Answer accepted by question author
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 12%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER6%3C/text%3E%3C/svg%3E)
No they don't know your password and don't need it. They can annoy you forever with MFA requests until you make a mistake (tapping Allow). Many suggests enabling MFA. I suggest disabling it in this case (ie. getting non stop MFA requests). Just use a very long and strong password.
Who's to say, maybe that's the scammer's goal, get someone to turn of MFA.
Then eventually the long complex password is to inconvenient too, so back to "Password123$".
Of course, people need to make their own choices, Security vs. Minor Inconvenience. For me, I'll chose Security every time. I say Minor because turning off the App's notifications is an option and only use the app when you are expecting a notice.
I changed from Microsoft Authenticator to Google Authenticator, No notifications and they have to enter the changing 6 digit pin so they will just be rolling pins all day long
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
Someone doesn't need to know your password to generate a MFA request.
Also, they can't be stopped until they get bored and move on.