By now, most of us have heard about MFA, which stands for Multi-Factor Authentication, NOT “Mother F* Aggravation.”
I am sure there are many users who have referred to it as such out of frustration over the extra 10 seconds (even though it may feel like hours) it takes out of their life to log in to their computer. But MFA Fatigue is the reason we need to talk about it again.
“MFA Fatigue” is not precisely about your frustration with the time it takes to log in. It refers to a technique that cyber criminals use in their attack schemes. There are several methods of MFA.
Push Notification sends a notification to your phone whenever someone tries to log in to an account with your password. You then have to click “yes, it’s me” to get in on your other device or “no, not me” to deny that access.
One-Time Password (OTP) is a code, usually six numbers, generated by an authenticator app on your phone that is tied to that account and will generate a new code for that account every 60 seconds.
Email or SMS is similar to the OTP but comes via email or text. It usually expires in a set amount of time (less than an hour).
A two-factor token is a physical device that generates an OTP or must be inserted into the computer.
The Push Notification is the method cyber criminals exploit to cause MFA Fatigue.
Imagine it is late at night, and you are trying to sleep. You receive a message that says, “Did you try to log in from Frankfort, KY?” If you click no, then the criminal tries to log in again, and once again, you will receive the message. They continue to do this over and over and over until you are finally so aggravated, and so ready to assume it’s just a glitch, that you click “yes” so you can go back to sleep. No more fatigue.
And no more security.
You are the gate that can keep the bad guys out or let them in. Keep it locked unless you know for sure. Once they’re in…it’s too late.
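For whoever runs the login system, the late-night pattern described above shows up in the push logs as a burst of denied or ignored prompts, sometimes ending in an approval. The Python sketch below is an added example, not part of the original post; the event format, the 10-minute window and the threshold of three prompts are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (ISO timestamp, user, outcome).
# Field names and outcome values are assumptions, not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T02:14:05", "alice", "denied"),
    ("2024-01-10T02:14:40", "alice", "denied"),
    ("2024-01-10T02:15:10", "alice", "timeout"),
    ("2024-01-10T02:15:55", "alice", "denied"),
    ("2024-01-10T02:16:30", "alice", "approved"),   # gives in after the burst
    ("2024-01-10T08:59:00", "bob", "denied"),       # single mis-tap
    ("2024-01-10T09:00:10", "bob", "approved"),     # normal morning login
    ("2024-01-10T13:00:00", "carol", "denied"),
    ("2024-01-10T13:01:00", "carol", "denied"),
    ("2024-01-10T13:02:00", "carol", "denied"),     # burst, never approved
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return alerts for bursts of denied or ignored pushes per user.

    'burst'                : threshold rejected prompts inside the window
    'approved_after_burst' : an approval that follows such a burst (top priority)
    """
    recent = defaultdict(deque)   # user -> timestamps of recent rejected prompts
    alerts = []
    for ts_text, user, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        rejected = recent[user]
        # Drop rejected prompts that have aged out of the window.
        while rejected and ts - rejected[0] > window:
            rejected.popleft()
        if outcome in ("denied", "timeout"):
            rejected.append(ts)
            if len(rejected) == threshold:      # alert when the burst is reached
                alerts.append((ts_text, user, "burst"))
        elif outcome == "approved":
            if len(rejected) >= threshold:
                alerts.append((ts_text, user, "approved_after_burst"))
            rejected.clear()                    # a successful login resets the count
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the case to act on first, since it means the “yes” was most likely clicked just to make the prompts stop.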
Do you prioritize the safety and security of your organization? Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. Contact us at (502) 320-9885 to learn more about how we can help you achieve peace of mind.