Microsoft Authenticator Adds More Context In Notifications To Prevent MFA Fatigue Attacks

Hackers are smart. This is why they're always in a cat-and-mouse game with security researchers.

For quite some time now, multi-factor authentication (MFA) has been required on a number of big platforms. Hackers know this, and among the strategies they can use to gain access to MFA-protected accounts is a method called the MFA fatigue attack.

This method of attack isn't new, but it has become more prevalent as more and more organizations have deployed MFA to defend corporate accounts and assets.

The method involves stealing people's login credentials through whatever means necessary, and then using them to repeatedly bombard targets with MFA push notifications.

When the prompts become too much, MFA fatigue sets in.

Victims would eventually "accept" the MFA prompt, and in doing so allow the attackers access to their account.

Microsoft Authenticator is one of the apps that provides MFA for logging in to platforms that support it.

And this time, to prevent MFA fatigue attacks, Microsoft is pushing out a feature for its Authenticator service.

The feature is small, but it can make a big difference.

What it does is add an additional step before anything is approved.

Previously, accepting an MFA login attempt would only require users to hit that 'approve' button.

This time, MFA requests require Microsoft Authenticator users to manually type in a matching number.

This additional step can be an effective way to prevent MFA spamming attacks from working.

And not just that: Microsoft Authenticator can also show users additional context in notifications, such as the app being accessed and the sign-in location.

The feature also comes with a refreshed admin user interface and APIs to help IT professionals better manage their end users, including a new 'Configure' tab that allows admins to enable or disable different features.

With the update, Microsoft Authenticator also includes the ability to exclude groups from features to assist with smoother feature rollouts.

"The context helps the user understand the origin of the sign-in and thereby reduces the chances of accidental approval," Weinert said.

Microsoft Authenticator adds more context before users can approve any incoming MFA requests. (Credit: Microsoft)

Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks.

And when they succeed, they may be able to obtain both the username and password combination in clear text.

This means there is nothing stopping the hackers from logging in to the account holders' accounts.

MFA can stop this, simply because any login attempt on an account with MFA enabled requires a second authentication method.

Without the second authentication, that username-password combination is rendered useless.

Hackers know that accounts using MFA send push notifications to their owners. This is why they bombard the owners with MFA requests, running a script to automate the process.

The goal is to keep this up, day and night, to break down the target's cybersecurity posture and inflict a sense of "fatigue" regarding these MFA prompts.

By including more context in the MFA pushes, such as the location from which the request originated and what app is requesting the login, the goal is to reduce accidental approval caused by MFA fatigue.
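The number-matching step and the extra notification context described above, as an added toy model in Python (not Microsoft's implementation; the class and method names are my own assumptions): the number exists only on the sign-in screen, never in the push itself, so a tired tap on a push the user did not initiate has nothing to match against, and stale or replayed approvals are rejected as well.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class PushChallenge:
    """One pending sign-in that was pushed to the Authenticator app (constructed model)."""
    challenge_id: str
    app: str            # context in the notification: which app is being accessed
    location: str       # context in the notification: where the sign-in came from
    number: int         # two-digit number displayed ONLY on the sign-in screen
    issued_at: float
    approved: bool = False

class NumberMatchingMFA:
    """Hypothetical push-MFA service with number matching (not Microsoft's code)."""
    TTL = 60.0  # seconds a pending push stays valid before it must be re-issued

    def __init__(self):
        self._pending = {}

    def start_sign_in(self, app, location, now=None):
        """Called by the sign-in page. Returns (challenge_id, number); the number
        goes to the sign-in screen, never into the push notification itself."""
        now = time.time() if now is None else now
        ch = PushChallenge(secrets.token_hex(8), app, location,
                           secrets.randbelow(100), now)
        self._pending[ch.challenge_id] = ch
        return ch.challenge_id, ch.number

    def notification(self, challenge_id):
        """What the Authenticator app displays: origin context, no number."""
        ch = self._pending[challenge_id]
        return (f"Sign-in to {ch.app} from {ch.location}. "
                "Enter the number shown on the sign-in screen to approve.")

    def approve(self, challenge_id, entered_number, now=None):
        """No bare 'Approve' button: the typed number must match a fresh, unused push."""
        now = time.time() if now is None else now
        ch = self._pending.get(challenge_id)
        if ch is None or ch.approved:
            return False                      # unknown id or replayed approval
        if now - ch.issued_at > self.TTL:
            self._pending.pop(challenge_id)   # expired push can no longer be approved
            return False
        if entered_number != ch.number:
            return False                      # blind tap / wrong number is rejected
        ch.approved = True
        return True
```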

Published: 31/10/2022