Enable Number Matching for Microsoft's Azure AD
Over the past year, there has been an increase in MFA fatigue attacks, where attackers "bomb" users with push requests. Below is a good example of what the attackers are doing and what the users would see:
The frustrating thing about this is that, for most organisations, getting up to an MFA standard in the first place was hard enough. Some had even steered away from text and phone-call MFA and led with push prompts, because the other two have known flaws.
That gave them huge benefits; however, the bad guys just couldn't leave us alone. Prompting users this frequently can hand attackers access through blind acceptance, confusion (being woken up) or plain annoyance. It's a bit like your child asking for something in a shop: they just keep going and going and going and going, until eventually you say YES!
(We’ve all been there).
Thankfully, there is another way, should you want to avoid going backwards or moving all the way to passwordless: MFA with number matching.
This adds an additional step to the existing push prompt. It should deter attackers, because if someone is trying to log in as you, you simply won't know the number: it is displayed on their screen, not yours, and the request cannot be approved without it.
It should also help with those half-asleep approvals, as there is no longer a simple button to tap. Having to read and enter a number forces a moment of thought, so it should reduce accidental approvals and the compromises that follow.
It’s not perfect, but it looks like a good step in the right direction.
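As an added example (not from the original post), this is how number matching was switched on for every user through the Microsoft Graph beta authentication methods policy, using the Microsoft Graph PowerShell SDK; it assumes the SDK is installed and the signed-in admin can consent to the Policy.ReadWrite.AuthenticationMethod scope. Note that Microsoft later made number matching the default for all Authenticator push notifications, so on current tenants this setting no longer needs to be changed.

```powershell
# Added example: enable Microsoft Authenticator number matching for all users
# via the Graph beta authenticationMethodsPolicy. Assumes the Microsoft Graph
# PowerShell SDK is installed and the admin can consent to the scope below.
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod"

$uri = "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator"

# Read the current Authenticator configuration so the change can be verified afterwards.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri
"Before: numberMatchingRequiredState = $($before.featureSettings.numberMatchingRequiredState.state)"

# Turn number matching on for everyone. The includeTarget id "all_users" is the
# built-in "everyone" target; a group object id can be used instead for a pilot.
$body = @{
    "@odata.type"   = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"
    featureSettings = @{
        numberMatchingRequiredState = @{
            state         = "enabled"
            includeTarget = @{
                targetType = "group"
                id         = "all_users"
            }
        }
    }
}
Invoke-MgGraphRequest -Method PATCH -Uri $uri -ContentType "application/json" `
    -Body ($body | ConvertTo-Json -Depth 10)

# Verify: re-read the policy and fail loudly if the state did not change.
$after = Invoke-MgGraphRequest -Method GET -Uri $uri
if ($after.featureSettings.numberMatchingRequiredState.state -ne "enabled") {
    throw "Number matching was not enabled; check the admin's role and the API response."
}
"After: numberMatchingRequiredState = $($after.featureSettings.numberMatchingRequiredState.state)"
```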