

The Multi-Factor Authentication portion of the Office 365 login process will receive an update April 13 at 10 p.m. Once the update is applied, Metropolitan State University of Denver users who have set up the Microsoft Authenticator app to deliver push notifications will be required to enter a two-digit code into their second-factor notification when logging in to their MSU Denver accounts. This feature, called number matching, will replace the previous functionality that required only approving a push notification from the app. This change will impact only those using the Microsoft Authenticator app to receive push notifications; people using other MFA methods, including other features of the Authenticator app, will not be affected.

Although this update was previously announced as arriving late last month, Microsoft decided to delay the servicewide update to May 8. Since this would fall on finals week of the MSU Denver spring semester, the University is electing to apply the update earlier, to maintain security standards while minimizing any potential impact on the community. Microsoft is implementing this feature to help combat a recent rise in MFA-fatigue attacks. These attacks, also known as “push bombing,” occur when a cyberthreat actor uses stolen login credentials to bombard a user with mobile app push notifications. Some users may eventually approve one of these fraudulent notifications out of frustration, but others may accidentally approve a fraudulent notification while trying to accept a legitimate one.
