Microsoft has introduced changes to its Authenticator app to enhance security and protect against multi-factor authentication (MFA) fatigue attacks. The update requires users to input a two-digit code shown on their primary device, in addition to receiving a push notification on their secondary device, before accepting a login attempt. This ensures that users actively engage with the login screen and cannot blindly verify login attempts due to being overwhelmed or fatigued by frequent requests.
MFA fatigue attacks aim to exploit users’ tendencies to mindlessly approve login attempts when bombarded with them, either out of frustration or by mistake, after their initial login credentials have been compromised. These attacks have proven successful in infiltrating large organizations, including Microsoft itself.
