Multi-Factor Authentication (MFA) is an essential security measure that adds layers of verification to ensure a user’s identity. While it significantly enhances protection, cyber-criminals continually seek ways to circumvent it. One emerging tactic, known as “MFA Fatigue,” has successfully compromised accounts at major companies like Uber and Microsoft. Let’s explore how this attack functions and what defensive strategies can be implemented by our Fordham community.
MFA fatigue attacks aim to exhaust users. Hackers gain access to your account credentials (username and password) and then bombard you with a barrage of login attempts, generating a relentless stream of sign-in notifications. Out of frustration, you might eventually approve one of these malicious requests, inadvertently granting attackers access to the Fordham network.
So, how can you safeguard yourself? Organizations should limit the number of MFA requests their systems allow, implementing a threshold that blocks further attempts after a certain point. Additionally, using strong, unique passwords is crucial, as MFA fatigue exploits stolen credentials. A password manager can help generate and securely store these passwords. Finally, staying informed is vital: understand the risks, recognize unexpected MFA requests (usually coming in at odd hours of the day), and don’t hesitate to reach out to Fordham’s IT Help Desk if anything seems “phishy”.
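One way to implement the request threshold described above, as an added example that is not Fordham's or any MFA vendor's code. The policy values (3 prompts per 10 minutes, 30-minute block), the names `PushThrottle` and `replay`, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune to your environment.
MAX_PROMPTS = 3                       # push prompts allowed per window
WINDOW = timedelta(minutes=10)        # sliding window length
LOCKOUT = timedelta(minutes=30)       # block duration once the threshold trips


class PushThrottle:
    """Per-user sliding-window limit on MFA push prompts."""

    def __init__(self):
        self._sent = defaultdict(deque)   # user -> timestamps of prompts sent
        self._blocked_until = {}          # user -> end of lockout

    def request_prompt(self, user, now):
        """Return 'send' if a push may go out, 'blocked' otherwise."""
        until = self._blocked_until.get(user)
        if until and now < until:
            return "blocked"
        sent = self._sent[user]
        # Drop prompts that have aged out of the window.
        while sent and now - sent[0] >= WINDOW:
            sent.popleft()
        if len(sent) >= MAX_PROMPTS:
            # Threshold reached: suppress this prompt and start the lockout.
            self._blocked_until[user] = now + LOCKOUT
            sent.clear()
            return "blocked"
        sent.append(now)
        return "send"


def replay(events):
    """Run (user, timestamp) events through a throttle; return decisions."""
    throttle = PushThrottle()
    return [(u, t.strftime("%H:%M"), throttle.request_prompt(u, t)) for u, t in events]


# Constructed sample: a 03:00 burst against 'alice' and one normal login by 'bob'.
T0 = datetime(2025, 1, 15, 3, 0)
SAMPLE = [("alice", T0 + timedelta(minutes=m)) for m in (0, 1, 2, 3, 4)]
SAMPLE.insert(2, ("bob", T0 + timedelta(minutes=1, seconds=30)))
SAMPLE.append(("alice", T0 + timedelta(minutes=40)))

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(*row)
```

A tripped threshold is also a signal that the account's password is already known to someone else, so the same event is a natural trigger for a password reset and a help desk alert.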