New
#1
Without hovering over the Yes/no links to see the url there is no way of telling from the pictures.
Just go to the following page and check for security events - Security Checkup
Every time you access with a new browser or unrecognised device you need to enter a secondary 2FA code, you can either use a texted code to your phone, an authenticator app (I recommend Authy) or a hardware solution such as a yubikey, once authenticated it remembers the browser/device so you will not need to authenticate again unless there has been a big change.
Switched to FF in the Insider version on same computer and it asked me if it was me, confirmed with new password so it must have been legit. TNX.
I usually get those alerts on using VPNs , as now both Google and Microsoft applied a measure of security to only allow password access to same country , but if you are travelling over you need to do an authentication from an already authorized device they have its mac address stored , in case of VPNs some of these block or change your mac address and country along your ip so may fire such alerts .
If you are not using one then yes , some cutie in Vietnam has your password some how . They can steal it with ease from android phones via cover up apps so you might want to review your apps .