JN Group

3 min read

When Push Comes to Shove! Protect Yourself from MFA Fatigue Attacks
Full article

3 min read

Salvation Army, Harvest Time and Cooreville Benefit from JN’s Labour Day Efforts
Full article

When Push Comes to Shove! Protect Yourself from MFA Fatigue Attacks

3 min read minute(s) reading

#image_title

Multi-Factor Authentication (MFA) is one of the best ways to protect your online accounts. It’s a smart idea to make sure it’s turned on for important accounts like your email to better protect yourself and lower your chances of being hacked. MFA adds an extra layer of security by requiring two or more pieces of information to log in, like your password and a push notification sent to your phone. This makes it much harder for hackers to gain access.

However, attackers have found a sneaky new way to get around those push-based notifications: MFA Fatigue Attacks.

What is a MFA Fatigue Attack?

A MFA fatigue attack, also known as MFA bombing or MFA spamming, happens when a hacker bombards or spams you with endless authentication requests (those asking, “Is this you trying to log in?”)

The goal? Push until you crack. The attackers flood you with MFA requests, hoping you’ll eventually hit ‘Approve’ by accident or out of sheer frustration just to stop receiving the notifications. However, the moment you do, they’re in and your account is wide open.

It’s a psychological trick, not a technical hack. It can be effective if you’re not prepared.

Everyone’s At Risk

MFA fatigue attacks don’t just target big companies or VIPs. They can happen to anyone who uses apps with push-based MFA (like Microsoft Authenticator, Duo, or Google prompts).
Hackers often reuse passwords from data breaches to trigger these attacks.

How to Protect Yourself

You don’t need expensive software or a corporate security team to prevent or stay protected from MFA fatigue attacks. Here’s what you can do right now:

1. Never Approve a Login You Didn’t Start – If you get a push notification and you’re not actively logging in, always deny it. Ignore the pressure or urgency. Approving gives full access to your account.

2. Change Your Password Immediately – If you’re getting repeated MFA prompts, your password is probably compromised.

  • Change your password immediately.
  • Use a unique password you haven’t used elsewhere.
  • Consider using a phrase instead of just a word. Make it difficult to guess.

3. Turn Off Push-Based MFA When Possible – Some services let you switch to verification codes (like Google Authenticator or SMS codes) instead of push notifications. Verification codes are harder for attackers to abuse with this tactic.

4. Enable Account Lockout or Alerts – If the app you’re using has a setting to lock out after multiple failed attempts or send security alerts, turn it on. Even free accounts on some platforms offer this feature.

5. Report it to the Service Provider – Many companies have security teams monitoring these attacks.

  • Look for a “Report Fraud” or “Report Login Attempt” option in your app.
  • Even if you denied the login, it helps them track attackers.

Awareness Is Your Best Defence

The biggest advantage attackers have is catching you off guard.
Just knowing about MFA fatigue attacks makes you less likely to fall for them.

So next time your phone buzzes with a login request you didn’t start, stop, deny, and reset your password.

author avatar
JN Group
Was This Helpful
Was This Helpful?

Check out more stories like this

3 min read

Salvation Army, Harvest Time and Cooreville Benefit from JN’s Labour Day Efforts

In observance of this year’s Labour Day, the JN Circle...

3 min read

No Timelines, Just Purpose, The Steady Ascent of Elizabeth Ann Jones in Tax Service

From a modest rural upbringing to becoming one of the...

3 min read

It’s Almost Hurricane Season. Here Are 7 Prep Hacks You Shouldn’t Ignore This Season

June 1 is the start of the hurricane season, and...

The Jamaica National
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.