November 7, 2023 at 10:43AM
Microsoft has introduced a new feature in the Authenticator app to block suspicious notifications during login. Hackers often exploit push notifications to gain access to accounts, so Microsoft now scrutinizes login attempts for unfamiliar locations or anomalous activity. Instead of showing the suspicious notification, users are prompted to open the Authenticator app and enter a code for verification. This feature has already blocked over six million suspicious notifications since its rollout in September.
Key takeaways from the meeting notes:
1. Microsoft has introduced a new protective feature in the Authenticator app to block suspicious notifications during account logins.
2. The Authenticator app provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.
3. The app sends push notifications for MFA logins, but hackers exploit this feature by performing numerous login attempts to tire and frustrate users.
4. If an exhausted user approves a request, the attacker gains access to the account and may alter login protection settings.
5. In May, Microsoft introduced “number matching” where users enter a number displayed on the sign-in screen in the Authenticator app to approve logins.
6. While number matching has reduced MFA fatigue attacks, it doesn’t stop the generation of annoying notifications.
7. Microsoft added features to scrutinize login attempts for unfamiliar locations or anomalous activity and blocks suspicious notifications.
8. Users are prompted to open the app and enter a given code instead of seeing the blocked notification.
9. Login notifications are still generated and can be accessed within the Authenticator app for review.
10. Since the end of September, Microsoft has blocked over six million suspicious MFA notifications.
These takeaways highlight the new protective measures implemented by Microsoft in the Authenticator app to combat hackers exploiting push notifications during login attempts. The added scrutiny and blocking of suspicious notifications have significantly reduced MFA fatigue attacks.