Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, Bel Air and in and about Maryland since 2002.

Avoid MFA Fatigue Attacks by Minimizing Notifications

Avoid MFA Fatigue Attacks by Minimizing Notifications

While we strongly recommend that you put the security safeguard known as multi-factor authentication in place wherever it is available, it is important that we acknowledge that cybercriminals are frustratingly inventive. So much so, in fact, that a new form of attack has been developed to take advantage of MFA, referred to as MFA fatigue.

Let’s go over what an MFA fatigue attack is, and what you can do to fight back.

MFA Fatigue is a Very Specific Form of Social Engineering

Let me ask you a question: if one of the applications on your mobile device prompted you to log in once again, would you hesitate to do so? What if a notification appeared, asking you to confirm a two-factor authentication prompt? What if that notification kept appearing until you did, assuming that the system was just glitching?

This is precisely how MFA fatigue works.

The purpose behind MFA is to help keep your account secure even if your password has been compromised. By adding an additional proof to the required authentication process, MFA is supposed to make it harder for the person who compromised your password to actually access the account. However, when a cybercriminal puts in your credentials, you’ll still receive the prompt to confirm the login. Some of these threats even come in the form of SMS messages and voice calls to confuse the user further.

This brings us back to our initial question: would you question an authentication prompt, particularly if you were trying to do something else, especially if it kept popping back up again and again?

The cybercriminals responsible are betting that you won’t.

How to Spot MFA Fatigue

There are a few clear and unmistakable warning signs that an MFA fatigue attack is afoot:

  • If you receive approval requests without attempting to log into an application.
  • If you receive multiple requests from a single application.
  • If you receive authentication request notifications at odd hours.

How to Take the Teeth Out of MFA Fatigue

Fortunately, there are a few things you can do to help limit the efficacy of MFA attacks. A strong password is a great starting point, so long as you keep it secure. You and your team also need to be more cognizant of when you are receiving an MFA prompt and whether or not you requested it, denying all of those that are unidentified.

Limiting the number of attempts you can make through your MFA solution of choice within a predetermined time is also a helpful precaution.

Turn to Us for Assistance with Your Business’ Security

We’ll help you implement the protections and precautions that will help you keep your business secure. Give us a call at (410) 531-6727 today!

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Choosing the Right IT Tech Support for Bel Air Bus...
Can You Save Money By Changing the Way You Deploy ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, 07 February 2023

Captcha Image

Client Service Login

Latest News & Events

This tournament is scheduled to be held Friday, June 10, 2022. The past six years have all been sold-out and this year is shaping up to be another one for the books you won't want to miss. 

Contact Us

Learn more about what Dresner Group can do for your business.

  • (410) 531-6727
  • 8600 Foundry Street, Suite 302
    Savage, Maryland 20763

Copyright Dresner Group. All Rights Reserved.