I sure don’t feel safe just ignoring it, considering the frequency.
Change your password immediately to something you’ve never used before and isn’t similar to current passwords. If you’re getting random 2fa codes, someone is able to complete your first factor, so fix that ASAP.
It might not be 2-factor. Microsoft has an option to log in via email code, which doesn’t need a password.
It is actually safe to ignore them. It means either someone has an email address similar to yours, or a bot of some sort has you email address and only your email address.
Essentially, someone or something goes to the login screen, enters your login, and says “I don’t have the password, let me in!”.
Sending a code to your email like this is the first step in letting someone in without the password, or more specifically to having them reset it.Since the email is to check “did you ask for this?”, doing nothing tells them that you did not.
If you want some extra peace of mind: https://account.live.com/Activity should show you any recent login activity which you can use to confirm that no one has gotten in.
Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantra. :)
This is all good information and seems well intentioned, but it’s worth pointing out in a post about account security that clicking links provided by others and giving it your login information is very unwise (even/especially links in emails like these). For the link you provided, it’d be better to recommend going through a primary microsoft page or login that can be confirmed by the user and getting to the activity history page from there
Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantr
Well, I found the recent activity and none of these were me. At least they all appear to say Unsuccessful sign-in.
You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.
I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.
deleted by creator
FWIW Microsoft does a blind token here meaning they send it if your password is correct or not.
In that way the person attempting to gain access has no context of if the password is correct or not
deleted by creator
Yup, that would indicate that likely a bot is trying to guess it’s way in.
You are still safe.
The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.
If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.
Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)
It’s common for people to get these when their email address is similar to my dad’s and he forgets his password again.
Part of my concern is the email has part of an uncommon spelling of name + some numbers. And that it started all of a sudden, every day. The email is several years old and only now it’s begun happening every day.
I hope you’ve turned on 2FA.
Change your password to something strong, 20 characters plus, and setup 2FA with a 2FA app, google authenticator or Microsoft Authenticator
If you’re not using a password manager, now is a good time to start. Bitwarden is free and open source
Use Microsoft authenticator on your account, it won’t stop people from trying to access your account but you’ll stop getting these and it’s generally safer than any kind of email based 2fa
I got one of these emails. It isn’t even MFA, nothing to reply with the code to. It doesn’t even say which Microsoft account, it sent it to my GMail recovery account. It’s so utterly bad not being able to trace the attempt to its source. It’s sus that I’m not the only one to have recently experienced this out of nowhere. Maybe it’s an attempt to farm valid Microsoft emails from the way this service behaves?
If it happened on a MS account you have, you can check the activity part of the account, it should list all login attempts and give you an IP for each.
If it keeps happening, prefers middle of the night (to where you live) hours, and you often get a really big batch in a row, then yes, it’s probably an attempted hack.
In any case, I would making sure your password is strong and isn’t reused anywhere else, and set up multi factor authentication…
Edit: It was pointed out to me that this has an approve/deny on it. Looks an awful lot like an MFA Fatigue attack. The attacker plans to keep doing it until you slip up and approve it accidentally while fumbling to unlock your phone at midnight sometime.
You should change your password immediately, if you haven’t already.Weird. Sure looks like MS may be sending these without requiring your password. That’s…not great. Because of the fatigue attack aspect. See what you can configure. I would disable this function on my account, if I could.
Again, that’s if you’ve gotten dozens of these. If you got 3, it’s someone who mistyped their email as yours.
The message is multi-factor
Oh, I missed that in the gutter of the message.
This is a common attack tactic, then, called MFA Fatigue. It also means they probably have Ops password already. Or Ops service provider is doing something dumb. (MFA requests shouldn’t be sent out without the other factor being known.)Edit: There’s no approve link there. Just ignore these. If you got a lot of these, do setup MFA.
It’s not mfa fatigue. MS sends a code to the email. There is no accept or deny in the email.
Change your password to a randomly generated password and them setup 2FA
Do not click on anything in the emails as they may be phishing attempts
Just to be clear, change your password by manually typing in the address of the service in question.
Do not use the link in the email to navigate to the service for password changing.