Microsoft Authenticator gains feature to thwart spam attacks on MFA
Microsoft has rolled out number matching in push notifications for its Microsoft Authenticator multi-factor authentication (MFA) app.
The feature is now generally available in Microsoft Authenticator and is meant to counter MFA attacks that rely on spamming users with push notifications.
Earlier this year, researchers documented so-called "MFA stress attacks" (better known as MFA fatigue or push bombing) against Office 365 users. An attacker who already holds a victim's password repeatedly attempts to log in, triggering one MFA push notification after another, in the hope that the victim eventually becomes annoyed or distracted enough to approve one of the prompts by mistake.
With number matching enabled, approving a request in the Authenticator app requires the user to type in the number displayed on the login screen rather than simply tapping 'Approve'. That breaks the attack, because a victim who did not initiate the sign-in never sees the number. The feature should be welcome to administrators whose users have already been caught out by this kind of attack.
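The attack described above leaves a recognisable trace in sign-in logs: a burst of sign-ins for one account, from one source address, that all reach the MFA step and are then declined or time out, until one is finally approved. The following script is an added example (not part of the article and not Microsoft's code) that flags that pattern. The log records are constructed for this example and use a simplified subset of the Azure AD sign-in log schema; the result code 500121 and the "MFA denied" detail strings follow Azure AD conventions but are assumptions here and should be checked against a real tenant's logs.

```python
"""Detect MFA push bombing (fatigue) in simplified Azure AD sign-in records.

Added example: constructed log data, not taken from the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Field names and values are a simplified subset
# of the Azure AD sign-in log schema (assumption: resultType 500121 = strong
# authentication failed; details text as seen in additionalDetails).
SAMPLE_LOG = [
    {"time": "2022-10-20T08:00:05Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user declined the authentication"},
    {"time": "2022-10-20T08:00:48Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user did not respond to mobile app notification"},
    {"time": "2022-10-20T08:01:30Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user declined the authentication"},
    {"time": "2022-10-20T08:02:15Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user did not respond to mobile app notification"},
    {"time": "2022-10-20T08:03:02Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user declined the authentication"},
    {"time": "2022-10-20T08:03:50Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "500121", "details": "MFA denied; user declined the authentication"},
    # The victim finally taps Approve: the attacker is in.
    {"time": "2022-10-20T08:04:40Z", "user": "alice@example.com", "ip": "203.0.113.7",
     "resultType": "0", "details": "MFA completed in Azure AD"},
    # Benign noise: a user who declined two prompts an hour apart.
    {"time": "2022-10-20T08:10:00Z", "user": "bob@example.com", "ip": "198.51.100.9",
     "resultType": "500121", "details": "MFA denied; user declined the authentication"},
    {"time": "2022-10-20T09:30:00Z", "user": "bob@example.com", "ip": "198.51.100.9",
     "resultType": "500121", "details": "MFA denied; user did not respond to mobile app notification"},
]

# Detail strings that indicate a push was sent and not approved.
PUSH_NOT_APPROVED = (
    "MFA denied; user declined the authentication",
    "MFA denied; user did not respond to mobile app notification",
)


def parse_time(stamp):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_push_bombing(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per (user, source IP) that received at least
    `threshold` unapproved push prompts inside `window`, noting whether a
    successful sign-in from the same source followed the burst."""
    grouped = defaultdict(list)
    for event in sorted(events, key=lambda e: parse_time(e["time"])):
        grouped[(event["user"], event["ip"])].append(event)

    alerts = []
    for (user, ip), evs in grouped.items():
        fails = [e for e in evs
                 if e["resultType"] == "500121" and e["details"] in PUSH_NOT_APPROVED]
        # Slide a window over the failed prompts; alert on the first burst.
        for i, first in enumerate(fails):
            t0 = parse_time(first["time"])
            run = [f for f in fails[i:] if parse_time(f["time"]) - t0 <= window]
            if len(run) < threshold:
                continue
            last_fail = parse_time(run[-1]["time"])
            approved_after = any(e["resultType"] == "0" and parse_time(e["time"]) > last_fail
                                 for e in evs)
            alerts.append({
                "user": user,
                "ip": ip,
                "failed_prompts": len(run),
                "first": run[0]["time"],
                "last": run[-1]["time"],
                "approved_after": approved_after,
            })
            break
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

Tune `window` and `threshold` to the tenant: a handful of declines over a day is normal, a burst of several within minutes from one address is not. An alert with `approved_after` set is the case to treat as a probable account compromise rather than a mere attempt.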
Administrators can already enable number matching in Authenticator today, and Microsoft plans to make it the default for all Authenticator users in February 2023, according to Alex Weinert, Microsoft's vice president of identity security.
Administrators can also configure Authenticator to show additional context in the push notification, namely the application being signed into and the location of the sign-in attempt (derived from its IP address), so that users can recognize and reject requests they did not initiate.
Microsoft has published instructions for configuring number matching, which can be enabled for all users or for selected groups through the tenant's authentication methods policy, and notes that number matching is not supported in Apple Watch notifications, so Apple Watch users must approve requests from their phone. The admin rollout controls will be removed once number matching becomes the default option for the Authenticator app.
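The settings above (number matching, application context, location context) live in the Authenticator entry of the tenant's authentication methods policy, which is exposed through Microsoft Graph. The script below is an added example, not Microsoft's documentation or code: it audits a fetched policy for feature settings that are not enforced for all users and builds the PATCH body that turns all three on. The endpoint and property names follow the Graph reference for `microsoftAuthenticatorAuthenticationMethodConfiguration` and should be verified against the current documentation; the bearer token is a placeholder, the "current policy" document is constructed, and the assumed permission is `Policy.ReadWrite.AuthenticationMethod`.

```python
"""Audit and enforce Authenticator feature settings via Microsoft Graph.

Added example, not Microsoft's code. Endpoint and property names are taken
from the Graph reference for the Authenticator authentication method
configuration; verify before use.
"""
import json
import urllib.request

GRAPH_URL = ("https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/"
             "authenticationMethodConfigurations/MicrosoftAuthenticator")

# The three feature settings discussed in the article.
FEATURES = (
    "numberMatchingRequiredState",             # type the number shown on the login screen
    "displayAppInformationRequiredState",      # show which application is being signed into
    "displayLocationInformationRequiredState", # show the sign-in location (from the IP)
)

# Target descriptors as used by the Graph policy: "all_users" is the
# documented group id meaning everyone; the all-zero guid means no exclusions.
ALL_USERS = {"targetType": "group", "id": "all_users"}
NO_GROUP = {"targetType": "group", "id": "00000000-0000-0000-0000-000000000000"}


def desired_feature_settings(include=ALL_USERS, exclude=NO_GROUP):
    """Feature settings with every feature explicitly enabled for `include`."""
    return {
        name: {
            "state": "enabled",
            "includeTarget": dict(include),
            "excludeTarget": dict(exclude),
        }
        for name in FEATURES
    }


def policy_body(include=ALL_USERS, exclude=NO_GROUP):
    """PATCH body that enforces number matching plus app and location context."""
    return {
        "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
        "featureSettings": desired_feature_settings(include, exclude),
    }


def weak_feature_settings(current_config):
    """Return the feature names that are not explicitly enabled for all users.

    Caveat: state "default" means Microsoft-managed. Before number matching
    becomes the default it means "off", so it is reported as weak here.
    """
    settings = current_config.get("featureSettings") or {}
    weak = []
    for name in FEATURES:
        cfg = settings.get(name) or {}
        include_id = (cfg.get("includeTarget") or {}).get("id")
        if cfg.get("state") != "enabled" or include_id != "all_users":
            weak.append(name)
    return weak


# Constructed: what a tenant still on Microsoft's defaults might return from GET.
TENANT_DEFAULT = {
    "featureSettings": {
        name: {"state": "default", "includeTarget": ALL_USERS, "excludeTarget": NO_GROUP}
        for name in FEATURES
    }
}


def apply_policy(token, body):
    """PATCH the Authenticator configuration. Returns the HTTP status (204 on success).

    Only runs when called explicitly with a real token; nothing is sent on import.
    """
    request = urllib.request.Request(
        GRAPH_URL,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request) as response:
        return response.status


if __name__ == "__main__":
    print("not enforced in TENANT_DEFAULT:", weak_feature_settings(TENANT_DEFAULT))
    print(json.dumps(policy_body(), indent=2))
    # apply_policy("<access token placeholder>", policy_body())
```

Run the audit function against the JSON from a GET on the same URL before patching; rolling out with a pilot group (pass its object id as `include`) and an exclusion group for the Apple Watch users mentioned above is the usual sequence before switching to `all_users`.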
Separately, Authenticator on iOS now uses App Transport Security (ATS), a mechanism Apple introduced with iOS 9 in 2015 that requires apps to talk to servers over HTTPS with TLS 1.2 or later. ATS is something developers can still opt out of, however: a 2019 scan of 30,000 iOS apps found that 67% of them had ATS completely disabled.