Routine & Fatigue: An IT
administrator's worst
nightmares
Multi-Factor
Authentication
Pitfall
Scenario 1:
Your account credentials
are obtained by a hacker
who attempts to log in
and pushes the MFA to
your mobile device.
Out of habit, you hit
allow the session.
Your account is now
compromised.
Scenario 2:
Your account credentials
are obtained by a hacker
who attempts to log in
and pushes notification
after notification to
your mobile device.
You do not allow access
but fail to realize your
account credentials are
no longer safe.
The hacker contacts you
via email, text, and
phone call claiming to
be from your IT
department or security
provider in an effort to
persuade you to
authorize the push
notification.
You either fall for the
trick or break down by
accident from the sheer
volume of sends and
mistakenly hit allow.
Don't
let routine or fatigue
catch you off guard. If
you receive a fraudulent
push notification you
didn't initiate, tell
your IT department
immediately and change
your password.
