San Francisco, October 29: Microsoft has rolled out a new feature to its multi-factor authentication (MFA) app, Microsoft Authenticator, to prevent spam attacks.
According to ZDNet, the company has rolled out 'number matching' in push notifications which will help prevent MFA attacks that rely on push notification spam. Microsoft Layoffs: Tech Giant Fires Around 1,000 Employees Across Multiple Divisions.
When 'number matching' is enabled, the Authenticator app asks the user to enter the number shown on the sign-on screen rather than just selecting "approve" when approving an MFA request. This will be a useful feature for admins whose users were unprepared for the MFA attack.
The feature is available for the administrators for now, but the company wants to make 'number matching' the default for all Authenticator users in February 2023. Microsoft To Set Up Largest Data Centre in India With Investment of Rs 15,000 Crore.
To avoid unintentional approvals, administrators can also set up Authenticator to use application context and location context. After the new feature becomes the Authenticator app's default, the admin rollout controls will be removed.
Earlier this year, researchers discovered so-called "MFA fatigue attacks" targeting Office 365 users. In those attacks, attackers continually cause MFA push alerts while attempting to log into a victim's account using a password that has previously been compromised.
The attacker was counting on the victim becoming tired or inattentive enough to approve the login attempt mistakenly at some time, the report said.
(The above story first appeared on LatestLY on Oct 29, 2022 04:15 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).