Those login attempts which trigger 2fa app does not generate a log entry if unsuccessful. Only attempts with username/password does. For some strange reason.

So there is no way to flag them as malicious and if you accidentally accept, then it’s already too late.

Pretty annoying setup.

I have the same issue. It’s absolutely stressful. Id also love some way to mark them as malicious.