Microsoft started blocking all suspicious MFA requests as the default option


[H]F Junkie
Feb 3, 2014
That's a good measure, and I'm glad they're keeping the notifications in the app, just not pushing them to you - we've had more than a few users' legitimate logins flagged as suspicious logins before.

As inconvenient as it is, I also thought the numeric code you now have to enter was clever - prevents the "yeah sure, whatever, I'll just say I approve this" response from some people. Hopefully it wakes some people up to the fact of "oh shoot, I'm not looking at this screen to see this number - somebody else is trying to get into my account!"
We also activated the PIN option in the MS Authenticator app, kinda annoying but prevents idiot users from automatically approving popups.
How the heck is this a real problem? There are actually people who approve 2FA requests even when they did nothing that would require 2FA?
This is a counter against an MFA Fatigue Attack.
Where they carpet bomb the users' devices and hope they fuck up from the notification screen.

Pair that with some SIM jacking or other social engineering methods and it happens.
Phone screens aren’t terribly large and suddenly those accept and deny buttons seem dangerously close.
I did not know that Microsoft has multi-factor verification like this. So thank you for sharing this article. It looks like Apple's version, complete with GPS map of the location of the request. I like it, no issues with extra safety in this world.