Two Ways to Guard Against MFA Fatigue Attack

Let’s face it, cyber-attacks are on the rise. It seems like every time we read the news some organization somewhere in the world has had its systems compromised in some way. A good example is what happened to Uber the other week. They were the victim of an MFA Fatigue attack that eventually allowed the attacker to gain access to several systems deemed important and confidential to the organization. You need to guard against an MFA fatigue attack. I will show you two ways: one as a user and the other as an administrator.

What is an MFA Fatigue Attack?

It is quite simple really. Most users have MFA set up to gain access to their system (e.g., O365). If their credentials get compromised, the bad actor will log in to the system and realize MFA is enabled when the logon screen tells them a “push” has been sent to the authenticator app.

The unsuspecting user receives the push and ignores it. The attacker knows this and logs in again. The user receives another push. It will not stop. The user gets annoyed and, either out of frustration or by accident, approves the push. Bingo, the attacker is in. This is exactly what happened to an Uber user.

Guard Against MFA Fatigue Attacks as a User

It is quite simple. Change your password. Constant pushes to your Authenticator App are NOT normal behavior. They are a hint that your account has been compromised. Once the password has been changed the attacker can no longer log in and the MFA prompts will stop. For good measure, you should contact your helpdesk to let them know.

Guard Against MFA Fatigue Attacks as an Administrator

The best way as an admin is to set up Phishing Resistant MFA, but the quickest way (especially if you are using O365) is to set up MFA with number matching. It adds an element to the process that the attacker will not have access to even though they have compromised your user credentials: the number is shown only on the logon screen the attacker is sitting at, so the user cannot approve the push without it.

As an Admin, you will need to set up a group of users (an M365 Dynamic Group works well) and add the users who will use MFA with number matching. Then go into the Azure AD portal and navigate to Security / Authentication Methods / Microsoft Authenticator Settings.

Toggle the switch to enable.

Go to the Target section, toggle the option to select users, choose the group you created in the previous step, and set the Authentication mode to “Push”.

Click the “Configure” Tab:

Change the status to “Enabled” and set the target to “All Users”. Here “All Users” refers to all users in the target group. Click save. When the target users initiate a new logon that prompts for MFA, it will include a number match:
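As an added illustration (not from this post, and not Microsoft’s own code), here is the same configuration expressed against the Microsoft Graph authentication methods policy, plus an audit check that flags a tenant whose Authenticator users still get a bare approve/deny push. The Graph URL, the beta-schema numberMatchingRequiredState field and the group object id are assumptions; the sample “weak” policy is constructed.

```python
# Graph endpoint for the Microsoft Authenticator method policy (beta schema, where the
# numberMatchingRequiredState setting lived at the time of this post; assumption).
GRAPH_URL = ("https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy"
             "/authenticationMethodConfigurations/MicrosoftAuthenticator")
ALL_USERS = "all_users"  # built-in target id that covers every user in the tenant

def build_patch_body(group_id: str) -> dict:
    """PATCH body mirroring the portal steps: enable Authenticator for the target
    group in push mode, then require number matching for that same group."""
    return {
        "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
        "state": "enabled",
        "includeTargets": [{"targetType": "group", "id": group_id,
                            "isRegistrationRequired": False, "authenticationMode": "push"}],
        "featureSettings": {"numberMatchingRequiredState": {
            "state": "enabled",
            "includeTarget": {"targetType": "group", "id": group_id}}},
    }

def _covers(target: dict, group_id: str) -> bool:
    # A target covers the group if it names the group itself or the whole tenant.
    return target.get("targetType") == "group" and target.get("id") in (ALL_USERS, group_id)

def number_matching_enforced(config: dict, group_id: str) -> bool:
    """Audit check: does this Authenticator config really force number matching for
    group_id? Each condition corresponds to one toggle described in the post."""
    if config.get("state") != "enabled":
        return False
    pushes = [t for t in config.get("includeTargets", [])
              if _covers(t, group_id) and t.get("authenticationMode") in ("push", "any")]
    if not pushes or any(_covers(t, group_id) for t in config.get("excludeTargets", [])):
        return False
    nm = config.get("featureSettings", {}).get("numberMatchingRequiredState", {})
    if nm.get("state") != "enabled" or _covers(nm.get("excludeTarget") or {}, group_id):
        return False
    return _covers(nm.get("includeTarget") or {}, group_id)

# Constructed sample: Authenticator is on for everyone but number matching was never
# enabled, so users get a bare approve/deny push, which is what fatigue attacks abuse.
WEAK_CONFIG = {
    "state": "enabled",
    "includeTargets": [{"targetType": "group", "id": ALL_USERS,
                        "isRegistrationRequired": False, "authenticationMode": "any"}],
    "excludeTargets": [],
    "featureSettings": {"numberMatchingRequiredState": {"state": "default"}},
}

if __name__ == "__main__":
    gid = "00000000-0000-0000-0000-000000000001"  # placeholder for your group's object id
    print("weak tenant enforces number matching:", number_matching_enforced(WEAK_CONFIG, gid))
    print("PATCH", GRAPH_URL, build_patch_body(gid))
```

Run the audit against the JSON returned by a GET on the same URL to confirm the portal change actually landed for your group.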

Using these two steps to guard against MFA Fatigue Attacks will ensure you do not fall victim. It will enhance security and keep you and your environment safe.

Happy IT’ing

Dan


I am an IT professional with over twenty years’ experience in the field. I have supported thousands of users over the years. The organizations I have worked for range in size from one person to hundreds of people. I have performed support from Help Desk, Network / Cloud Administration, Network Support, Application Support, Implementation and Security.
