Light Roast 117: Intro to MFA Fatigue
What It Is and How to Avoid It.
This article was originally published on Built In.
Multifactor authentication, or MFA, is a mechanism used to secure user accounts. Unsurprisingly, however, malicious actors have found ways to bypass it, making the technology merely a small obstacle for many attackers.
Although many methods can bypass MFA, a technique called MFA fatigue, or MFA abuse, is a popular one due to its low complexity and high success rate. This article discusses MFA fatigue, how to avoid falling victim to it, and what to do if it's happening on one of your accounts, and it provides recent examples where it has led to notable cyberattacks.
What is MFA?
If you aren’t already familiar with it, MFA is the use of multiple authentication factors to access a particular user account. A password alone is no longer enough to protect your accounts, and MFA has become a standard practice across all industries and organizations, as it reduces the likelihood of account compromise.
In general, there are three factors in an MFA process:
- Something you know — password, PIN, or passphrase
- Something you have — OTP (one-time password), verification code, or hard or soft security token