A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Hey there, Deborah Price
I've recently received 3 Authenticator messages for activity not generated by me.
If you’ve received three Microsoft Authenticator prompts that weren’t generated by you, this usually means someone has manually tried to sign into your account using your email and an incorrect or guessed password. It could also simply be someone mistyping their own email address if it’s similar to yours. Three prompts alone do not indicate a large-scale attack such as credential stuffing.
Is that sufficient or do I need to do anything else to ensure the security of my account and data?
Please sign into your Recent Activity page here: https://account.live.com/Activity
Review the sign-in attempts and check whether they come from the same IP address, the same device type, or completely different locations, and note the time of each attempt. This will help determine whether it was a simple mistake or repeated attempts.
Next, go to your security info page: https://account.live.com/proofs/manage/additional
Please make sure you have two-step verification enabled on your account. If you haven't enabled the passwordless account option, please change your account password to a unique, strong password. If you have previously set up app passwords, please check these and remove any old app passwords you no longer need.
I would recommend enabling the passwordless sign-in option for your account. This removes the password and makes use of the Microsoft authenticator app for signing in, which is more secure. However, this is your choice. You can find out more about the passwordless account option here: https://support.microsoft.com/en-us/accounts-billing/security/how-to-go-passwordless-with-your-microsoft-account
After you have done this, please scroll down to the bottom of the page until you come to the heading "Recovery code".
Please click on the option "Generate a new code".
A personal Microsoft account can only have one recovery code at a time. This recovery code can be used when you no longer have access to any of your security proofs. It is the last line of defence for getting back into your Microsoft account. Please make sure you keep it safe in case you need it.
If these attacks become more frequent and relentless, it would mean you are being subjected to an attack known as credential stuffing. However, as you have only had three notifications so far, this doesn't suggest this is happening. You can check on Have I Been Pwned here: https://haveibeenpwned.com/
This service allows you to see if your email address was ever leaked in a data breach. If it has, it will display the data breach it was leaked in and what information they had access to. The best thing about the website is that it is free.
Lastly, never approve an authenticator prompt unless you are actively signing in. Declining unexpected prompts protects your account even if someone has your password.
Hope this helps,
Nathan
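The triage Nathan describes (same IP or many, same device or many, how tightly the attempts cluster in time) can be written down as a small classifier. The following is an added example and not part of the original thread or of any Microsoft tooling. The Recent Activity page has no documented text export, so the `when | ip | location | device | result` line layout and every record in it are constructed for the example; the thresholds in `triage()` are assumptions chosen to separate "one person mistyping" from "one machine guessing" from "many machines guessing", and the `known_ips` set stands in for the addresses the account owner recognises as their own.

```python
"""Triage of Microsoft account Recent Activity entries (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Attempt:
    when: datetime
    ip: str
    location: str
    device: str
    success: bool


def parse_activity(text: str) -> list:
    """Parse 'when | ip | location | device | result' lines (assumed layout) into Attempts, oldest first."""
    attempts = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        when, ip, location, device, result = (f.strip() for f in line.split("|"))
        attempts.append(Attempt(datetime.fromisoformat(when), ip, location, device,
                                result.lower() == "success"))
    return sorted(attempts, key=lambda a: a.when)


def triage(attempts, window=timedelta(hours=24), many_sources=5, many_failures=10) -> str:
    """Classify the failed sign-ins by how many sources they come from and how fast they arrive.

    Thresholds are assumptions for the example, not Microsoft's detection logic.
    """
    failures = [a for a in attempts if not a.success]
    if not failures:
        return "no-failed-sign-ins"
    ips = {a.ip for a in failures}
    locations = {a.location for a in failures}
    span = failures[-1].when - failures[0].when
    # Many attempts from many addresses in a short window is the shape of credential stuffing.
    if len(failures) >= many_failures and len(ips) >= many_sources and span <= window:
        return "distributed-guessing"
    # A handful of failures from one address and one location is consistent with someone
    # mistyping a similar email address.
    if len(failures) <= 3 and len(ips) == 1 and len(locations) == 1:
        return "single-source-few-failures"
    # One address that keeps trying is a single machine guessing passwords.
    if len(ips) == 1:
        return "single-source-repeated"
    return "multi-source-repeated"


def unexpected_successes(attempts, known_ips) -> list:
    """Successful sign-ins from addresses the owner does not recognise.

    Any hit means the password is known to someone else and only the second factor
    is holding: change the password, then review app passwords and recovery options.
    """
    return [a for a in attempts if a.success and a.ip not in known_ips]


# Constructed sample: the owner's own sign-ins from Leeds plus three failures from one Dublin address.
SAMPLE_ACTIVITY = """
# when | ip | location | device | result
2024-03-01T08:02:00 | 203.0.113.10 | Leeds, United Kingdom | Windows/Edge | Success
2024-03-02T23:14:00 | 198.51.100.7 | Dublin, Ireland | Unknown/Unknown | Unsuccessful
2024-03-02T23:15:00 | 198.51.100.7 | Dublin, Ireland | Unknown/Unknown | Unsuccessful
2024-03-03T06:40:00 | 198.51.100.7 | Dublin, Ireland | Unknown/Unknown | Unsuccessful
2024-03-03T09:10:00 | 203.0.113.10 | Leeds, United Kingdom | Windows/Edge | Success
"""

# Constructed sample of the stuffing shape: twelve failures from twelve addresses in eleven minutes.
STUFFING_ACTIVITY = "\n".join(
    f"2024-03-05T02:{m:02d}:00 | 192.0.2.{m} | {loc} | Unknown/Unknown | Unsuccessful"
    for m, loc in zip(range(12), ["São Paulo, Brazil", "Hanoi, Vietnam", "Lagos, Nigeria"] * 4)
)

if __name__ == "__main__":
    owner_ips = {"203.0.113.10"}
    for label, text in (("sample", SAMPLE_ACTIVITY), ("stuffing", STUFFING_ACTIVITY)):
        acts = parse_activity(text)
        print(label, triage(acts), [a.ip for a in unexpected_successes(acts, owner_ips)])
```

The first sample comes out as `single-source-few-failures` with no unexpected successes, which matches the "probably a mistake, but turn on two-step verification and rotate the password" advice above; the second comes out as `distributed-guessing`, the point at which the Have I Been Pwned check and a password change stop being optional. A successful sign-in from an address not in `known_ips` is the finding that matters most, whatever the failure pattern looks like.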