Share via

Repeated foreign login attempts despite password change and 2FA enabled

David lindegaard 0 Reputation points
2026-02-28T17:45:49.03+00:00

Hello,

I am experiencing repeated login attempts on my Microsoft account from different countries around the world, even though I have already changed my password and enabled two-factor authentication.

I live in Denmark and only access my account from here. However, in my recent activity log I can see login attempts from locations such as:

  • Kenya

Tunisia

Spain

Hong Kong (SAR)

All of them show:

Device/platform: Windows

Browser/app: Microsoft Edge

Session activity: “Request for additional verification”

In most cases, it says “Logon performed,” followed by “Request for additional verification.” I have not approved any of these attempts, and I have not shared my credentials with anyone.

For reference, this is a personal Microsoft account ([my email address]).

I have already:

Changed my password to a strong, unique password.

Enabled two-factor authentication.

Reviewed and secured my recovery information.

Despite this, I continue to receive these login attempts from various countries.

Is this normal behavior (for example, automated bot attempts), or does this indicate that my account is still compromised in some way? Is there anything further I should do to secure my account?

Thank you for your help.Hello,

I am experiencing repeated login attempts on my Microsoft account from different countries around the world, even though I have already changed my password and enabled two-factor authentication.

I live in Denmark and only access my account from here. However, in my recent activity log I can see login attempts from locations such as:

Kenya

Tunisia

Spain

Hong Kong (SAR)

All of them show:

Device/platform: Windows

Browser/app: Microsoft Edge

Session activity: “Request for additional verification”

In most cases, it says “Logon performed,” followed by “Request for additional verification.” I have not approved any of these attempts, and I have not shared my credentials with anyone.

I have already:

Changed my password to a strong, unique password.

Enabled two-factor authentication.

Reviewed and secured my recovery information.

Despite this, I continue to receive these login attempts from various countries.

Is this normal behavior (for example, automated bot attempts), or does this indicate that my account is still compromised in some way? Is there anything further I should do to secure my account?

Thank you for your help.

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Paulo GM 60,845 Reputation points Independent Advisor
    2026-02-28T19:13:57.0866667+00:00

    Hi,

    That’s definitely not normal. I’ve gone through something similar before. In my case, one of the websites or apps I used suffered a breach, and my email address ended up circulating on the dark web along with other users’ data.

    There’s a good chance these sign-in attempts are happening because your email was included in a data leak somewhere as well. Hopefully none of those attempts were successful and It’s great that you’ve already taken action by updating your password and enabling two-factor authentication. You can also take advantage of the 'Sign out everywhere option' to sign out your account on other devices.

    These attempts may continue unless you create a new email alias and turning off the old one as a sign-in option. This is the only method that worked for me, and I believe it’s the most effective solution to completely stop these for good. I recommend checking out this solution where I get the steps in resolving this problem.

  2. Q&A Assist
    2026-02-28T17:46:08.5266667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Those sign-in attempts are consistent with automated or malicious password-guessing activity against the account, not with normal use. Because two-step verification is enabled and the additional verification is not being completed, those attempts are being blocked and the account is not successfully accessed.

    From the Recent activity and My sign-ins views, “Request for additional verification” or “Additional verification requested” indicates that the correct password was entered (or guessed) but an extra security challenge (MFA) was required and not passed. This matches the behavior described in the documentation for unusual or unsuccessful sign-ins:

    • Unsuccessful sign-ins or additional verification failures can mean an attacker is trying to guess or has guessed the password, but cannot pass the second factor.
    • Microsoft explicitly recommends changing the password and ensuring security info is up to date when such activity is seen.

    Given that the password has already been changed and two-step verification is enabled, these events do not by themselves mean the account is currently compromised, but they do show that attackers or bots are repeatedly trying to access it.

    Recommended actions based on Microsoft guidance:

    1. Confirm and monitor sign-in activity
      • Regularly review the Recent activity page for the Microsoft account to confirm that only expected successful sign-ins appear and to understand the meaning of the entries (such as “Unusual activity detected,” “Successful sign-in,” “Incorrect password entered,” etc.). If any successful sign-in or profile change is not recognized, use the built-in options like Secure your account or This wasn’t me where available.
    2. Treat any suspicious successful sign-in as a compromise
      • If a successful sign-in appears from a location, device, or app that is not recognized, Microsoft recommends immediately changing the password again and updating security info. For work/school accounts, also review sign-in logs and contact the IT administrator.
    3. Keep two-step verification and security info hardened
      • Ensure two-step verification remains turned on.
      • Verify that all security info (phone numbers, alternate email addresses, authenticator methods) is correct and under control.
      • Remove any security info entries that are not recognized.
    4. Use built-in “Secure your account” flows
      • On the Recent activity page, if anything suspicious is seen, select Secure your account so Microsoft can guide through additional checks and remediation (such as reviewing security info and sign-out from sessions).
    5. Avoid repeated failed attempts and blocks
      • If many sign-in or verification attempts are made in a short time, Microsoft may temporarily block verification methods or sign-ins to protect the account. In that case, wait for the block to clear and avoid repeated attempts that could extend the lockout.

    If, after monitoring, there are no unrecognized successful sign-ins or profile/security changes, and two-step verification plus a strong password are in place, the account is considered secured even though automated attacks continue to be attempted.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.