Microsoft has made security updates to the Microsoft Authenticator app for mobile devices. Those who use Microsoft Authenticator for multifactor identification logins, including logins to MyEnroll360, will notice changes when using the app while logging into applications. Changes were implemented to fend off multi-factor authentication (MFA) fatigue attacks.
MFA fatigue attacks occur when cybercriminals flood targets with mobile push notifications asking them to approve attempts to log into their accounts using stolen credentials. Often targets succumb to the repeated MFA attacks allowing unauthorized access.
Microsoft implemented the following two updates:
- Number matching. If you use the push notification feature on the Microsoft Authenticator app, you will be asked to type a two digit code after approving sign-in.
- Application name. The Microsoft Authenticator app will now display the name of the application requesting sign-in.
These updates have been automatically applied to prevent MFA fatigue attempts.