[aksss]

Anyone using [insert service here] should be using MFA of some sort. This would solve so many of these problems. It does sound like OP is being hit by a phishing attack, but assuming it's not that, this can only be a lesson for everyone to turn on MFA now if you haven't already. Yes, MS' consumer platform (live, hotmail, outlook, etc) supports it.

[rlpb]

Without widespread U2F support, the list of individual MFA secrets I would have to maintain would be unmanageable. It's not yet reasonable to expect users to have MFA on all of their accounts; only their most important ones.

[stephenr]

I have MFA setup for 29 things, and I don’t really see how adding another 229 would make it any less usable.

It’s arguable that something like u2f is more secure but with a good TOTP app usability is not the problem.