🎙️
13

Multi-factor fatigue is a bigger threat than weak passwords

Last month at a station near Portland, our dispatch system got hit because someone kept clicking approve on MFA prompts. Everyone brags about having 2FA enabled, but I disagree it's the golden standard. If you get 10 push notifications at 2am, you're going to approve one out of annoyance. Has anyone else seen their team get burned by this?
2 comments

Log in to join the discussion

Log In
2 Comments
miles279
miles2798d ago
Wait, someone actually clicked "approve" on TEN push notifications at 2am? Man, that's wild. I've seen my own team do similar stuff though - we had a guy who'd get bombarded with MFA requests during late night deployments and he'd just blindly hit yes to make it stop. It's like the system trains you to be lazy. If you're getting buzzed every few minutes, eventually you stop thinking and just react. That Portland dispatch thing is terrifying but not surprising honestly.
6
joseph_ellis85
Hold up, TEN push notifications? That's not just wild, that sounds like a targeted attack. Someone was definitely trying to brute force their way in through human laziness. The guy on the night shift probably saw that stack and just wanted to get back to sleep. It's straight up dark pattern design from the attackers - they know people break after the fifth or sixth buzz. The worst part is that MFA fatigue is actually a known thing now, not just an excuse. Companies should just switch to number matching or something instead of a simple approve button. That whole situation sounds like a disaster waiting to happen from the start.
6