San Francisco: Microsoft has rolled out a new feature in its multi-factor authentication (MFA) application, Microsoft Authenticator, to prevent spam attacks.
According to ZDNet, the company has rolled out “number matching” in push notifications, which will help prevent MFA attacks that rely on push notification spam.
When “number matching” is enabled, the Authenticator app prompts the user to enter the number displayed on the login screen rather than just selecting “approve” when approving an MFA request. This will be a useful feature for administrators whose users were unprepared for the MFA attack.
The feature is available to administrators for now, but the company wants to make “number matching” the default for all Authenticator users in February 2023.
To prevent unintended approvals, administrators can also configure Authenticator to use application context and location context.
Once the new feature becomes the default for the Authenticator app, admin deployment commands will be removed.
Earlier this year, researchers uncovered so-called “MFA fatigue attacks” targeting Office 365 users. a victim using a password that has already been compromised.
The attacker relied on the victim becoming tired or inattentive enough to approve the mistaken login attempt at some point, according to the report.