If you have 2FA enabled they won’t be able to get in, but if you change your password and they’re still trying, that means that somehow they have your new password, which means you probably have a credential stealer in your PC or one of your devices. I would reinstall windows immediately then change EVERY password.
When they were installing the alarm at my house I noticed that the main guy had nextcloud on his phone and it sparked a nice conversation about privacy. He has no technical background but managed to self-host it on his old laptop with one of those distros that have an easy UI for self-hosting (don’t remember which one exactly). He’s a pretty cool guy.