Protecting users from MFA fatigue attacks

With increasing adoption of strong authentication, multi-factor authentication (MFA) fatigue attacks (aka MFA spamming) have become more prevalent. These attacks rely on the user's ability to approve a simple voice, SMS or push notification that doesn't require the user to have context of the session they are authenticating. Anytime users are doing "click to approve" or "enter your PIN to approve" instead of entering a code they see on-screen, they are doing simple approvals. Our studies show that about 1% of users will accept a simple approval request on the first try. That's why it's critical to ensure that users must enter information from the login screen and that they have more context and protection.

We track these attacks across our ecosystem, and it's very clear they are on the rise – with push notifications, voice approvals and SMS as the top culprits. Microsoft Authenticator is the most popular MFA method (whether after a password or in place of one) for enterprises to deploy and secure their users today. In this blog, we'll help you protect your users on Microsoft Authenticator from MFA fatigue attacks. We announced the protections from these attacks way back in November 2021. We'll be enabling them for all users very soon after general availability (GA is expected in the next few months), but, given the rise in MFA fatigue attacks, we encourage you to take advantage of them now.

Prevent good users from accidentally approving sign-ins

Number matching (with the "type the code" experience) prevents accidental approval by requiring the user to type a two-digit code from the login screen into their Authenticator app.
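To make the difference between a simple approval and number matching concrete, here is an added example that models both flows in Python. It is illustrative code written for this page, not Microsoft's or the Authenticator service's code; the class and function names (MfaServer, PushChallenge, and the three scenario helpers) are hypothetical, and the lockout after MAX_WRONG_CODES bad entries is an assumption about how a sensible server would bound guessing, not a documented Authenticator behaviour. The point it shows: a user who taps "Approve" on a prompt for a session they never started succeeds under simple approval, but under number matching they have no code to type, so the approval cannot complete.

```python
# Added example (not Microsoft's code): a toy model of push-based MFA approval
# with and without number matching. All names here are hypothetical.
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

MAX_WRONG_CODES = 3  # assumption: lock the challenge after this many bad entries


@dataclass
class PushChallenge:
    challenge_id: str
    displayed_code: Optional[str]  # the two-digit code shown on the login screen
    approved: bool = False
    locked: bool = False
    wrong_entries: int = 0


class MfaServer:
    """Issues push challenges and decides whether an approval completes sign-in."""

    def __init__(self, number_matching: bool) -> None:
        self.number_matching = number_matching
        self.challenges: Dict[str, PushChallenge] = {}

    def start_sign_in(self) -> PushChallenge:
        # With number matching the login screen shows a fresh 00..99 code that
        # the Authenticator app asks the user to type back.
        code = f"{secrets.randbelow(100):02d}" if self.number_matching else None
        ch = PushChallenge(challenge_id=secrets.token_hex(8), displayed_code=code)
        self.challenges[ch.challenge_id] = ch
        return ch

    def approve(self, challenge_id: str, typed_code: Optional[str] = None) -> bool:
        """Handle the app's approval. Returns True only if sign-in completes."""
        ch = self.challenges[challenge_id]
        if ch.approved or ch.locked:
            return False
        if not self.number_matching:
            ch.approved = True  # "simple approval": any tap succeeds
            return True
        if typed_code is not None and secrets.compare_digest(typed_code, ch.displayed_code):
            ch.approved = True
            return True
        ch.wrong_entries += 1
        if ch.wrong_entries >= MAX_WRONG_CODES:
            ch.locked = True  # bound the number of guesses at the 100 possible codes
        return False


def legitimate_user_signs_in(number_matching: bool) -> bool:
    """The person at the login screen can read the code and type it back."""
    server = MfaServer(number_matching)
    ch = server.start_sign_in()
    return server.approve(ch.challenge_id, typed_code=ch.displayed_code)


def unexpected_prompt_tapped(number_matching: bool) -> bool:
    """A user taps 'Approve' on a prompt for a session they never started.

    They have no login screen in front of them, so there is no code to type."""
    server = MfaServer(number_matching)
    ch = server.start_sign_in()
    return server.approve(ch.challenge_id, typed_code=None)


def guessing_is_bounded() -> bool:
    """With number matching, repeated wrong codes lock the challenge; afterwards
    even the correct code no longer completes the sign-in."""
    server = MfaServer(number_matching=True)
    ch = server.start_sign_in()
    wrong = next(f"{n:02d}" for n in range(100) if f"{n:02d}" != ch.displayed_code)
    for _ in range(MAX_WRONG_CODES):
        server.approve(ch.challenge_id, typed_code=wrong)
    return ch.locked and not server.approve(ch.challenge_id, typed_code=ch.displayed_code)


if __name__ == "__main__":
    print("simple approval, legitimate user:", legitimate_user_signs_in(False))
    print("simple approval, tapped unexpected prompt:", unexpected_prompt_tapped(False))
    print("number matching, legitimate user:", legitimate_user_signs_in(True))
    print("number matching, tapped unexpected prompt:", unexpected_prompt_tapped(True))
    print("number matching, guessing locked out:", guessing_is_bounded())
```

Running the script prints True for both legitimate sign-ins, True for the tapped unexpected prompt under simple approval, and False for it under number matching, which is the property the blog is after: the approval can only come from someone who can see the login screen.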