I received a notification that my account had been attempted to be accessed by a suspicious IP address, I have already changed my password and previously enabled two factor authentication long ago.

my question is

if the account login listed as successful for that IP and I have two factor authentication enabled does that just mean they guessed my password correctly? However since the account has two factor authentication would the attempt be blocked essentially since they don't have these secondary code?

Please advise.