Here’s how cybercriminals try to hack your accounts while you sleep

Have you ever felt frustrated by the flood of notifications from your multi-factor authentication (MFA) app?

Well, cybercriminals have too. And they’re taking advantage of “MFA fatigue” to try to gain access to your sensitive business data.

MFA is essential for keeping your data secure. It adds an extra layer of security to your apps and accounts by asking you to verify your identity in two or more ways, such as a password and a code sent to your phone.

The constant alerts can be overwhelming though.

Attackers know this and will bombard employees – sometimes in the middle of the night – with a constant stream of MFA notifications. This makes it more likely someone will authenticate a login attempt through frustration, tiredness, or just to get the notifications to stop.

But now there’s a new weapon in the fight against MFA fatigue.

Microsoft Authenticator has introduced number matching as a way of making sure your MFA notification is from the correct login attempt, preventing cyber criminals from taking advantage of notification fatigue.

How does number matching work?

When you receive an MFA notification, the app will display a randomly generated number. You then need to input this number to authenticate the login attempt and prove you’re not a cybercriminal trying to access your business data.

That’s not all. Microsoft Authenticator also allows for biometric authentication, which means you can use your face, fingerprint, or other unique physical features to prove your identity and combat the threat of MFA fatigue attacks.

With these security measures in place, your business can stay ahead of cyber criminals and keep your sensitive data better protected.

If you already use Microsoft Authenticator, number matching is ready to use. Simply make sure your app is up-to-date, and you’ll be protected.

If you use another MFA system and want to look at how to make your security better or easier, we can help. Give us a call at 1-866-237-8622 or schedule a time here.

Previous
Previous

Is your business data at risk? Don’t take chances with old tech

Next
Next

LinkedIn takes action to tackle fake accounts