Posted: Thu, 09/22/2022 - 6:23am
Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.
One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticators app. It's a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach.