I sure don’t feel safe just ignoring it, considering the frequency.

  • prettybunnys@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    FWIW Microsoft does a blind token here meaning they send it if your password is correct or not.

    In that way the person attempting to gain access has no context of if the password is correct or not

      • prettybunnys@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        5 months ago

        It’s just login attempt when you’re setup this way.

        It happened to my account AFTER I changed the password.

        I do not believe accounts are setup this why by default and Microsoft does encourage you to use better 2fa as well.

        Requiring a token + password before authentication is attempted is common, the password being entered triggers the token but it doesn’t mean you’re in.

        This is not Microsoft doing something wrong, it’s Microsoft protecting an account that ought to have been protected better.

        OP needs to go in and configure actual 2factor

        In the same way google will log the location and browser fingerprint and whatnot from attempted logins whether they’re successful or not.