A Comprehensive View on MFA Fatigue : Techniques and Mitigation Strategies
Gardani, Fadwa (2023-07-27)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2023073192679
Abstract
Multi-Factor Authentication (MFA) can be bypassed by overwhelming users with fraudulent MFA prompts until they accept. This tactic is called MFA fatigue. Several renowned organizations have been compromised with this attack in recent years, resulting in a significant amount of exfiltrated data. The overall aim of this research is to advance our understanding of MFA fatigue, its techniques, and its variations, as well as any methods that could defend against it. This research is theoretical in nature, and we rely solely on a review of secondary literature. Moreover, since no significant scientific publications were found on the topic of MFA fatigue at the time of writing, relevant information was gathered from various online sources that were then assessed for reliability and credibility. Our findings include a formalization and classification of the attack type in question, which we depend on to discuss possible mitigation strategies and propose a solution framework. We conclude that MFA fatigue is an adaptable tactic relying on several mediums and approaches, which makes it difficult to fully mitigate. Hence, we recommend a defence-in-depth approach for mitigation strategies and straightforward actions for end-users to detect and prevent MFA fatigue attempts.