Idea ID: 2874250

Competitive feature request: Add "Number Matching" to Pushes via NetIQ Auth app to guard against MFA Fatigue attacks

Status: New Idea

A social engineering technique called 'MFA Fatigue', aka 'MFA push spam', is growing more popular with threat actors as it does not require malware or phishing infrastructure and has proven to be successful in attacks.

Here's a good, recent description of the TTP that has been trending in cybersecurity industry news for the past year or so:

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches (bleepingcomputer.com)

Most of your top-tier competitors have released product updates this year to address this problem. Some examples are below:

  • Competitor implementation: Azure MFA (Number Matching)

Use number matching in multifactor authentication (MFA) notifications - Azure Active Directory - Microsoft Entra | Microsoft Learn

  • Competitor implementation: Cisco DUO (Verified Duo Push)

Duo Administration - Policy & Control | Duo Security

  • Competitor implementation: Okta (Number Challenge)

Configure Okta Verify