What MFA is doing
MFA asks for a second proof before an account opens. That second proof may be a code, a security key, or an approval prompt.
MFA, Passwords, and Account Safety
Never Approve an MFA Prompt You Did Not Start
Learn how MFA protects accounts, how prompt attacks work, and what to do when a verification request appears unexpectedly.
What you will learn
You leave with a simple rule for deciding whether a prompt belongs to you, plus a routine you can reuse during sign-in.
MFA and 2FAverification codesprompt bombingaccount takeover warning signs
Why unexpected prompts matter
A prompt you did not start can mean someone else already knows the password and is trying to get the final approval.
The reusable decision routine
Match the prompt to a sign-in you just started. If it does not match, deny it, avoid sharing any code, and use the approved reporting or support route.
Practice and evidence
Practice helps you sort expected prompts from suspicious prompts without touching a real account.
Write a brief MFA routine that names when you approve, when you deny, and where you would report an unexpected prompt.
Quick check sample
When is it appropriate to approve an MFA prompt?
Scenario sample
A verification approval appears, but you are not signing in or making an account change.