Multi-factor authentication fatigue attack

From HandWiki
Revision as of 20:03, 6 February 2024 by Steve Marsio (talk | contribs) (update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Computer security attack

A multi-factor authentication fatigue attack (or MFA fatigue attack) is a computer security attack against multi-factor authentication that makes use of social engineering.[1][2][3] When MFA applications are configured to send push notifications to end users, an attacker can send a flood of login attempts in the hope that a user will click on accept at least once.[1]

In September 2022 Uber security was breached by a member of Lapsus$ using a multi-factor fatigue attack.[4][5]

In 2022, Microsoft has deployed a mitigation against MFA fatigue attacks with their authenticator app.[6]

References

Further reading