Hi All,
I've been receiving a lot of 'one-time usage code request for your microsoft account' e-mails from the genuine microsoft e-mail address (*** Email address is removed for privacy ***
As I know that this e-mail address has been leaked in various hacks (linked-in etc), I always see quite a lot of unsuccessful syncs in my recent activity page.
I have 2FA enabled on my account and a difficult password, so I thought I was pretty safe.
However, I've never received this type of e-mail to the same address it was requested for.
I therefore have a few questions:
- Does this mean a malicious user knows my password, but can't go further because of the 2FA and therefore the code is sent out to bypass 2FA?
- Is this one-time usage code a way of accessing an account if you know neither of the password and 2FA? If not, then what is this one-time usage code?
- Is this code sent out when someone already has full access to my account (2FA + password) and then tries to change something?
Many thanks in advance