{"id":1248,"date":"2026-01-16T08:00:33","date_gmt":"2026-01-16T13:00:33","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1248"},"modified":"2026-01-21T15:43:19","modified_gmt":"2026-01-21T20:43:19","slug":"duo-mfa-fatigue","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/01\/16\/duo-mfa-fatigue\/","title":{"rendered":"MFA Fatigue: When \u201cApprove\u201d Is the Wrong Choice"},"content":{"rendered":"

Multi-Factor Authentication (MFA) is essential for keeping campus accounts and data secure. By requiring a second verification\u2014like a push notification, text, or token\u2014MFA helps protect sensitive research, personal data, and university systems. But there\u2019s a growing concern: MFA fatigue<\/strong>.<\/p>\n

\"\"<\/p>\n

What is MFA Fatigue?<\/h2>\n

MFA fatigue occurs when users are repeatedly prompted to approve authentication requests\u2014sometimes dozens of times a day. This can create stress and frustration, leading users to reflexively click \u201cApprove\u201d without verifying the request.<\/p>\n

Cybercriminals exploit this behavior through tactics like \u201cpush bombing,\u201d<\/strong> sending multiple approval requests to trick users into granting access. A fatigued click on \u201cApprove\u201d can give attackers instant access to your account.<\/p>\n


\n

Why Higher Ed is a Target<\/h2>\n

Universities store vast amounts of personal and research data, making them high-value targets. With students, faculty, and staff logging in from multiple devices and locations, MFA fatigue creates an opportunity for attackers to gain unauthorized access.<\/p>\n


\n

Do\u2019s and Don\u2019ts to Protect Yourself<\/h2>\n

Do:<\/strong><\/h3>\n