Article Read Time
Most of us have heard about MFA. Which stands for Multi-Factor Authentication, NOT “Mother F* Aggravation.“
I am sure many users have referred to it as such out of frustration for the extra 10 seconds (even though it may feel like hours) it takes out of their lives to log in to their computer. But MFA Fatigue is the reason we need to talk about it again.
“MFA Fatigue” is not precisely about your frustration with the time it takes to log in. It refers to a technique that cyber criminals use in their attack schemes. There are several methods of MFA.
Push Notification sends you a notification to your phone whenever someone tries to log in to an account with your password. You must then click “Yes, it’s me” to grant access on your other device, or “No, not me” to deny it.
One-Time Password (OTP) is a code, usually six numbers, generated by an authenticator app on your phone that is tied to that account and will generate a new code for that account every 60 seconds.
Email or SMS is similar to the OTP but comes via email or text. It usually expires in a set amount of time (less than an hour).
A two-factor token is a physical device that generates an OTP or must be inserted into the computer. Push notifications are the tools cybercriminals use to induce MFA Fatigue.
Imagine it is late at night, and you are trying to sleep. You receive a message that says, “Did you try to log in from Frankfort, KY?” If you click no, the criminal tries to log in again, and you will receive the message. They continue to do this over and over and over until you finally are so aggravated and assume that it’s just a glitch that you will click “yes” so you can go back to sleep. No more fatigue.
And no more security.
You are the gate that can keep the bad guys out or let them in. Keep it locked unless you know for sure. Once they’re in…it’s too late.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.