Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account.
When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA.
Thinking of going through and buying a physical key like yubico to further secure my account.
Any tips are appreciated.
If you have 2FA enabled they won't be able to get in, but if you change your password and they're still trying, that means that somehow they have your new password, which means you probably have a credential stealer in your PC or one of your devices. I would reinstall windows immediately then change EVERY password.