Microsoft Authenticator Features Can Address 'MFA Fatigue Attacks'

Microsoft is urging organizations using the Microsoft Authenticator app to activate additional security functionality to protect against possible “multifactor authentication fatigue attacks,” according to a Wednesday announcement.

The Microsoft Authenticator app is used to add two-factor identity verification to Android and iOS devices, such as requiring a password and a personal identification number (PIN) to gain access to apps and resources. To meet the current threat landscape, organizations should turn on the number matching and additional context features for Microsoft Authenticator.

Organizations should also automate password changes for at-risk users, Microsoft advised. However, this latter option depends on organizations having certain Azure Active Directory licensing.

“Depending on your Azure AD licensing, you can configure risk-based Conditional Access policies to automatically prompt such users to change their password the next time they sign in,” explained Alex Weinert, director of identity security at Microsoft, in the announcement.

Previews of the number matching and additional context features were released back in November, and they are still at that release stage. Microsoft is planning to require number matching for use with the Microsoft Authenticator app when the number matching feature reaches the “general availability” commercial-release stage. That general availability date, though, wasn’t described.

Number matching, even at preview, is currently being used daily by “almost 10K enterprises,” Weinert noted.

A multifactor authentication (MFA) fatigue attack is a way for an external attacker to gain network access after having gained a user’s password. The attacker may be blocked from using that password to gain network access because of two-factor authentication protection. However, the attacker can repeat the access attempts to bug the victim into finally assenting. At that point, the attacker gets access.

These repeated notifications arrive via MFA applications, explained managed security service provider GoSecure in a February blog post about Office 365 attacks. GoSecure labeled this attack method as “push notification spamming.”
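
The repeated-notification pattern described above is something a defender can look for in authentication logs. The following detection sketch is an added example, not code from the article, Microsoft or GoSecure; the event tuples are constructed sample data rather than a real Azure AD log schema, and the five-minute window and threshold of three are assumed values to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not a real Azure AD log schema):
# (ISO timestamp, user, MFA push result)
SAMPLE_EVENTS = [
    ("2022-10-28T09:00:05", "alice", "approved"),   # normal single sign-in
    ("2022-10-28T02:10:00", "bob", "denied"),
    ("2022-10-28T02:10:40", "bob", "timeout"),
    ("2022-10-28T02:11:15", "bob", "denied"),
    ("2022-10-28T02:12:02", "bob", "timeout"),
    ("2022-10-28T02:12:50", "bob", "approved"),     # gives in after a burst
    ("2022-10-28T11:00:00", "carol", "denied"),
    ("2022-10-28T11:00:30", "carol", "denied"),
    ("2022-10-28T11:01:10", "carol", "timeout"),    # burst, never approved
    ("2022-10-28T15:00:00", "dave", "denied"),
    ("2022-10-28T16:30:00", "dave", "approved"),    # too far apart to count
]

def detect_push_spam(events, window=timedelta(minutes=5), threshold=3):
    """Return {user: severity} for users who received a burst of pushes.

    A burst is `threshold` or more unapproved pushes inside `window`.
    Severity is "approved_after_burst" if an approval lands while the
    burst is still inside the window, otherwise "burst".
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved pushes
    findings = {}
    for ts, user, result in sorted(events):
        when = datetime.fromisoformat(ts)
        q = recent[user]
        while q and when - q[0] > window:   # drop pushes older than window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                findings[user] = "approved_after_burst"
            q.clear()                       # an approval ends the sequence
        else:
            q.append(when)
            if len(q) >= threshold:
                findings.setdefault(user, "burst")
    return findings

if __name__ == "__main__":
    for user, severity in detect_push_spam(SAMPLE_EVENTS).items():
        print(user, severity)
```

An "approved_after_burst" finding is the case to treat as a likely account compromise; a plain "burst" suggests the user's password is already known to someone else.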

Microsoft’s phrase for the approval screens that end users see is “simple approvals.” Users are presented with an approval screen, and a small number of them will always just click it, per Microsoft’s research. Microsoft wants organizations to use the number matching and additional context features to add safeguards against such user actions.

Here’s how Microsoft characterized the problem:

Our studies show that about 1% of users will accept a simple approval request on the first try. That’s why it’s critical to ensure that users must enter information from the login screen and that they have more context and protection. We track these attacks across our ecosystem, and it’s very clear they are on the rise — with push notifications, voice approvals and SMS as the top culprits.

With the number matching feature turned on, users must enter a two-digit number to approve the access request.

“If the user didn’t initiate the sign-in, they won’t know the two-digit code, thereby requiring the bad actor to share the two-digit code in a separate channel, which the user shouldn’t accept,” Weinert explained.

The additional context feature adds protections by showing the app used for the request and the location of the access requester’s IP address, which is accompanied by a map image.

The number matching and additional context features for the Microsoft Authenticator app “will soon be GA,” Weinert stated, without offering any specifics. He also promised that more enhancements will be coming later to bolster the Microsoft Authenticator app.

About the Author

Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.
