Microsoft rolls out new feature to its MFA app, prevents spam attacks


San Francisco, Oct 29 (IANS): Microsoft has rolled out a new feature to its multi-factor authentication (MFA) app, Microsoft Authenticator, to prevent spam attacks.

According to ZDNet, the company has rolled out 'number matching' in push notifications which will help prevent MFA attacks that rely on push notification spam.

When 'number matching' is enabled, the Authenticator app asks the user to enter the number shown on the sign-on screen rather than just selecting "approve" to confirm an MFA request. The feature will be useful for admins whose users were unprepared for this kind of MFA attack.

The feature is available to administrators for now, but the company wants to make 'number matching' the default for all Authenticator users in February 2023.

To avoid unintentional approvals, administrators can also set up Authenticator to use application context and location context.

After the new feature becomes the Authenticator app's default, the admin rollout controls will be removed.

Earlier this year, researchers discovered so-called "MFA fatigue attacks" targeting Office 365 users. In those attacks, attackers repeatedly trigger MFA push alerts while attempting to log into a victim's account using a password that has previously been compromised.

The attacker counts on the victim becoming tired or inattentive enough to approve a login attempt by mistake at some point, the report said.
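For defenders, the push-spam pattern described above is visible in authentication logs as a burst of unapproved prompts for one user, sometimes ending in an approval. The following detection sketch is an added example, not code from the report or from Microsoft; the event tuple layout, the result values, and the threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2022, 10, 29, 9, 0)

def _at(minutes):
    return T0 + timedelta(minutes=minutes)

# Constructed sample events, not real logs: (time, user, result).
# result is "denied", "timeout" or "approved" (assumed normalised values).
SAMPLE_EVENTS = (
    [(_at(m), "alice", "timeout") for m in range(6)]      # six ignored prompts
    + [(_at(6), "alice", "approved")]                     # then one approval
    + [(_at(0), "bob", "denied"), (_at(60), "bob", "approved")]
    + [(_at(10), "carol", "timeout"), (_at(11), "carol", "timeout"),
       (_at(12), "carol", "approved")]
)

def find_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag bursts of unapproved push prompts and approvals that end one."""
    failed = defaultdict(deque)   # user -> times of recent unapproved prompts
    alerts = []
    for ts, user, result in sorted(events):
        q = failed[user]
        while q and ts - q[0] > window:   # drop prompts outside the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:       # approval right after a burst
                alerts.append({"user": user, "time": ts,
                               "kind": "approved_after_burst",
                               "failed_prompts": len(q)})
            q.clear()
        else:
            q.append(ts)
            if len(q) == threshold:       # alert once as the burst forms
                alerts.append({"user": user, "time": ts, "kind": "burst",
                               "failed_prompts": len(q)})
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert["time"], alert["user"], alert["kind"], alert["failed_prompts"])
```

An `approved_after_burst` alert is the case that warrants immediate session revocation and a password reset, since the prompts only occur once the password is already known to the attacker.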

 

  
