Authenticator App Notifications

Question

I repeatedly get notifications as if someone is trying to log into my Microsoft account or possibly another account I use my 2FA for. It just asks me if I want to deny the log in or select a number to complete the sign. Obviously I deny it every time . I have changed my passwords multiple times and I still receive this. I have never had any issues with any of my accounts but this has been happening for almost a year now. What do I do? Should I be worried?

Answer 1

Hey there, Ryan Brink

From reading what you have posted, this looks like automated bots attempting to access your account using a method called credential stuffing.

Attackers use email addresses and passwords that have been leaked in data breaches. They load these into a bot that repeatedly tries different username and password combinations for sites.

This is why you’re receiving multiple Authenticator notifications. It doesn’t mean your account has been compromised. The attacker is simply hoping you’ll accidentally approve one of the prompts, especially if you’re expecting a legitimate sign‑in at the same time.

Should I be worried?

I would stay calm, as they haven't gained access to your account yet. I would recommend checking “Have I Been Pwned" found here: https://haveibeenpwned.com/

This is a free service that allows you to check if your email address was leaked in a data breach. It will provide details on what data breach it was leaked in and what data was leaked. This information is presented in a timeline starting with the latest and working its way back.

I have changed my passwords multiple times and I still receive this

Changing your password doesn’t stop credential stuffing because the bot isn’t reacting to your new password. It’s just running through a list of old leaked passwords automatically.

What do I do?

To reduce or stop these attempts, make sure you keep MFA enabled as this prevents the attacker from getting in. I would recommend signing into your security page and checking your security settings are up to date.

For Microsoft personal accounts, you can generate an account recovery code. To do this, please scroll down to the bottom and click "Generate a new code"

You will want to keep this in a safe place. If you do get hacked, you can use this code to recover your Microsoft account.

One effective option is to change your Microsoft account’s primary alias (your sign‑in email). This prevents bots from continuing to trigger MFA prompts using the old sign‑in address. Changing your primary alias doesn’t delete your mailbox or emails, it only changes the address you use to sign in.

To change this on Microsoft personal accounts, please sign into your Microsoft account here: https://account.live.com/names/manage

Once you have signed into your account, you can add an email address to use when signing into your Microsoft account. You can then click onto the link to change sign in preferences and select the new email you have added and de-select the previous email.

Hope this helps,
Nathan

Answer 2

These repeated prompts should be treated as suspicious, but the account is protected as long as every unrequested prompt is denied and no codes are shared.

Actions to take:

1. Continue denying every unrequested prompt
   • Any “Are you trying to sign in?” or number‑matching request that was not initiated should always be denied. This keeps the account safe even if someone has the password.
2. Change and harden sign‑in methods
   • Since password changes have not stopped the prompts, assume the password may be repeatedly guessed, reused from another breach, or stored on a compromised device.
   • Move toward passwordless or stronger methods (for example, Microsoft Authenticator number matching, Windows Hello, security keys) and avoid reusing passwords across sites. Going “passwordless” significantly reduces the risk of password‑based attacks.
3. Review and clean up security info
   • Sign in to the account’s security settings and review all registered sign‑in methods (phone numbers, email addresses, authenticator registrations, Outlook mobile sign‑in, etc.).
   • Remove any method, device, or app that is not recognized.
   • If Outlook mobile is enabled as a sign‑in method and is not needed, turn off Allow sign-in requests for that account in Outlook mobile settings.
4. Check recent activity
   • Review recent sign‑in activity for unfamiliar locations, devices, or apps. If anything looks unfamiliar, secure the account from that page (sign out of all sessions, revoke access, and re‑harden security info).
5. Secure devices
   • Run security scans on PCs and phones used to sign in, and ensure operating systems and apps (including Microsoft Authenticator and Outlook) are fully updated. A compromised device can repeatedly trigger sign‑in attempts.
6. Be aware of delayed or misdirected prompts
   • Some prompts or verification codes can be delayed or sent because someone mistyped an email/phone number, or because an old device with Authenticator/Outlook is still registered. Remove old devices and unused apps from the account’s security settings.

Level of concern:

• Yes, this pattern should be taken seriously because it likely indicates repeated sign‑in attempts (malicious or accidental).
• As long as every unrequested prompt is denied and security info is locked down, the account remains protected, but it is important to complete the cleanup steps above to reduce or stop the prompts.

---

References:

• Using Outlook mobile to sign in
• Common problems with two-step verification for a work or school account
• Authentication methods in Microsoft Entra ID - Microsoft Authenticator app