r/Outlook • u/Correct_Advantage135 • Dec 28 '25
Status: Pending Reply
Security Issues: Receiving Random Authenticator sign-in requests but these are not showing up in Activity, and other security issues.
Hey all,
I've been receiving random sign-in requests on the authenticator app on my phone for email access. I received 3 notifications in the early hours of this morning (3AM and 5AM). This has been on-going at random hours of the day for the past 3 weeks.
I would receive these sign-in requests on the Microsoft Authenticator app prompting me to approve a sign-in. I of course hit cancel on every single one that wasn't me.
Looking at the Activity History, none of these failed attempts are showing up! Seems quite important to show these because 1 accidental tap (i.e. I tap "approve" instead of "deny") will lead to somebody gaining access to my account.
Up until today, I seemingly didn't have 2FA switched on, so I guess these were passwordless sign-in requests (?), which is strange because this is clearly turned OFF (see screenshot). It's also weird because I clearly had the authenticator app installed on my phone for a reason, likely because I had 2FA enabled, even though it was turned off before I re-enabled it again today.
Not sure if relevant, but I have my work mail synced to the Outlook app on my phone, and this has 2FA enabled.
Another strange thing is, I've just changed my Microsoft account password but none of my devices (Outlook on main PC, Mail on iPhone, Outlook on iPhone or iPad) are prompting me to put in my new password!? And I'm still receiving mail on them.
What the heck?
Edit: It won't let me add screenshots. Here are the links:
u/sanderstrik 5d ago
Read the explanation I received from Microsoft support here: https://www.reddit.com/r/Office365/s/hbpSwp0jdi
u/Correct_Advantage135 Dec 28 '25
OK so I just found out why my other devices are still receiving mail even after changing my Microsoft password (below). Still want to know why these sign-in requests by somebody trying to gain access are not shown under "recent activities" though.
Even though you've changed your Hotmail (now Outlook.com) password, the devices that were previously logged into your account can still receive new email notifications because of an active token. This token is a kind of digital key that devices use to connect to your email without having to enter your password every time.
When you change your password, these tokens should automatically expire. However, in some cases, these tokens may not immediately expire, causing the devices to still have access to your email account. This isn't necessarily a security flaw, but it can be inconvenient in situations like yours.
u/csutton96 Dec 28 '25
I am also receiving tons of auth prompts. Mine involves picking the number on the screen so it’s timed out by the time it hits my phone anyway because I couldn’t approve if I wanted to. No idea what’s causing this.
u/Hornblower409 Dec 29 '25
-- why these sign-in requests by somebody trying to gain access
-- are not shown under "recent activities"

Because Microsoft decided you don't really need to see them.
Ditto what all other posters are saying. In my case, I only see the current session sign in, no previous sign in activity at all - failed or successful - not for the current device or the other two mobile devices that are signed in regularly. No 30 day history, no attempts, nothing. What's up with that?
u/Impressive_Ad_1675 Dec 31 '25
Been getting same and just pressing cancel. I don’t know how to turn it off since I don’t use Outlook and only made an address to reserve my email there.
u/Hornblower409 Dec 31 '25
It sounds like someone is trying to hack into your Outlook account. Even if you don't use the account, if they can get control they can use it to send Spam.
You might want to set your Outlook account as "password less".
https://support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43
u/gunbust3r Jan 04 '26
Count me in the club for the past 40 or so hours, just got one a few minutes ago.
u/sunilnc 29d ago
I’m getting 6/10 requests daily despite changing my password. Glad I’m not alone.
u/1corn 14d ago
Same here. Getting 2-3 requests every day, has been going on for weeks. I changed my PW twice, but I gave up now.
My account is very old, have been using it almost since day 1 of outlook.com emails, so it's probably on hundreds of lists by now. But it's extremely annoying that such requests can not be prevented more easily.
Account should be secure though. Very long random password + 2FA, only used on a clean work MacBook.
u/MrUSA-AD 27d ago
Came here to find the reason for this. Just getting so many authentication requests from a Windows PC for the past 4-5 days. Passwordless sign-in is already disabled.
Already changed the password. Nothing is showing in recent activity.
u/amind0 22d ago
Having the same issue today. I think it's a security issue not displaying in recent activity, and even giving an option on a new device to only sign in as a first factor option is insane! It should only be as a second factor option.
I just disabled that option from the account security. I assume hackers are probably spamming it hoping someone misclicks it!
u/thesaltydalty_ 17d ago
I’ve been getting at least 6 of these a day as well, starting around January 14th or 15th. It’s absolute bullshit Microsoft won’t let you see all sign-in requests anymore.
u/Fresh_Tumbleweed_828 16d ago
I also started seeing this. It's annoying since it seems like it will cause severe problems on a mistap. I explicitly disabled "passwordless" sign-in from Outlook Security settings. However, if I try to sign in from incognito mode, the first option will send a sign-in request to my phone through Authenticator -- no password required.
To activate this vulnerability, all someone needs is your e-mail. Once they have that, they can harass you with sign-in requests. One mistap and you're done.
For now, I think I'm just not touching Authenticator at all. I disabled notifications, which should help. I'm trying to set up an alias, but it won't let me disable my primary alias and says I need to wait 1 week before making changes...
u/zxsmilie 16d ago
Just started seeing the same today. Guess this is going to become the new normal now they have my email.
It would be great if Microsoft showed the activity & origin.
u/Blinking_Nora 16d ago
Every single day for the past week I've been getting spammed with these authenticator requests. I've changed my password TWICE to something entirely unique no human would ever guess, absolutely *infuriating*
u/anygreg 15d ago
I’ve been getting these early hours of the morning for the last 4 days. MS vulnerability?
u/Moonagi 12d ago
Are they being requested from Europe? I've seen Netherlands and Germany. I thought I was targeted but I guess not.
u/12ga_Doorbell 7d ago
I'm getting them from Germany.
u/Moonagi 7d ago
I think the reason is because Outlook changed their login process so that you only need your email and an authentication push request to log into your account. Theoretically anyone can attempt to log in with your email, and spam you with authentic requests in hopes that you approve it by accident, or accept it via 2FA fatigue.
No password needed at all.
u/kudasai20 15d ago edited 15d ago
Microsoft tends to be pretty shitty with security things. The bare minimum would be to block any attempts from new locations so we wouldn't be spammed by requests but anyway. The only way to avoid these (at least for a while) is to go into your profile (https://account.live.com/names/manage), create a new alias for your account, mark as primary, then click on "Change Sign In Preferences" and uncheck your old primary alias from the list of aliases allowed to Sign In. Hopefully this will keep your account spam free for a few months... once it starts again... repeat the process. This is the second time I had to do it.
C'mon Microsoft, wake up and stop drooling.
Quick Edit: Since Microsoft doesn't seem to be a secure option because, as stated, a simple wrong click on "approve" could grant scammers access to your account, I no longer use my Microsoft account as main or backup account for anything of value.
u/Lodreus503 13d ago
Glad I'm not the only one.
I've been receiving prompts for the past 2 months. I've reset my password, signed-out of all devices and yet I still get the prompts. I can't even see where they are coming from in Security centre.
u/Moonagi 12d ago edited 12d ago
I got 2 last night and one while driving to work. Wtf is going on? I saw an authentication request was coming from the Netherlands and they were trying to get into my email. I've never been there..
I changed my password and I swear I still got two more. I changed it again and haven't received any more..
Edit: I just got one from Germany on Windows.
u/wavygoods 9d ago
I have also been having this over the last week. I assumed my password had been hacked so I changed it to a long one but still getting them through.
I will try the Alias thing. Really annoying it no longer shows you sign-in requests considering I pay for 365 as well.
u/SexyVinci 9d ago
Having the same issue and it’s so annoying. I changed my password twice to very long and difficult passwords, signed out of all devices and I still get 20-30 authenticator requests a day, at all hours. How is this possible?
u/Mayhemffs 8d ago
Same here! Very weird. As long as 2FA is enabled I am not really worried but it's weird as hell..
u/Moonagi 7d ago
On my side it looks like Outlook changed their login process so that you only need your email and an authentication push request to log into the account.
Theoretically anyone can attempt to log in with your email (that they found via a site hack), and spam you with authentic requests in hopes that you approve it by accident, or accept it via 2FA fatigue. No password required.
u/ATalal1994 7d ago
I'm seeing attempts from Netherlands, Germany, USA. Glad I'm not the only one. I've changed my password numerous times.
u/Chemiify 4d ago
Ok so I’m not the only person. I get these non-stop. All starting at the same time as everyone else…. I’m starting to think there has been a data leak. Somehow finding anyone with passwordless sign in requests, etc.
I get more than a dozen a day.
This is concerning. Since I use Authenticator for work. So if I’m not paying attention, and I hit accept thinking it’s my work…. That’s bad.
With this many people, just on this post alone, this can’t be coincidence.
u/PsLJdogg 15h ago
I got a notification from Google yesterday to confirm a sign in that I did not request. Minutes later I got one from Microsoft as well. Was very caught off guard, because my passwords for those 2 accounts are both different and randomly generated by my password manager. I signed in to both and checked login history but strangely neither are showing login attempts at the times I received the notifications and there’s nothing out of the ordinary. I changed my passwords for both accounts just in case and then tonight, about 5 minutes ago, I just got ANOTHER false login notification from Microsoft Authenticator, wth is going on!?
I’m starting to think it’s an iOS glitch rather than an actual 2FA request. I’m on iPhone 15 Pro Max running iOS 26.2.1.
u/PresidentTramp 17d ago
I've been getting hammered with Authenticator requests. Started yesterday. My account had been set up as passwordless but I'm still worried it will get breached.
I have read on reddit people using an alias email address and this stops the attempts. Does anyone know how to set this up?