MFA Fatigue
- RIT/
- Security/
- Resources/
- Types of Threats/
- Multi-Factor Authentication
Recognize, Respond, Report
MFA fatigue refers to the weariness or frustration experienced by users when repeatedly encountering Multi-Factor Authentication prompts. While MFA provides a significant enhancement to user security, it also can lead to user inconvenience. If you begin to feel overwhelmed or annoyed having to repeatedly verify your identity through MFA throughout the day, you may be experiencing MFA fatigue.
Recognize
- Recognize repeated failures: attackers often trick users into approving Duo prompts by repeatedly requesting access.
- Watch for frequent authentication requests: if you are receiving an unusually high number of Duo requests be cautious of potential threats.
- Monitor Geographical anomalies: keep an eye on where the Duo requests come from, if it is an unexpected location be cautious when granting access.
- Beware of unrecognized devices: if a Duo prompt is from an unexpected device be cautious about granting access.
- If a Duo prompt differs from that of your usual authentication methods, be cautious about granting access.
Respond
- Always verify that an MFA request is coming from you, your devices, or a trusted source before granting access.
- After suspicious activity, immediately change your password at start.rit.edu.
Report
- If you believe you approved a fraudulent MFA request contact the RIT service Center by phone at 585-475-5000, or online at help.rit.edu to open an incident report.
MFA Fatigue and Harassment
As MFA adoption grows, so does the risk of MFA fatigue, potentially leading to security vulnerabilities. While the constant authentication prompts may seem tiring and frustrating, the MFA is a security mechanism that requires users to provide multiple forms of authentication (e.g., something they know, something they have, or something they are) to verify their identity before gaining access to an account or system.
Users may feel overwhelmed or annoyed when they have to repeatedly enter verification codes, use fingerprint recognition, or respond to push notifications for each login attempt, especially if they access various systems throughout their day. However, MFA significantly enhances security by adding an extra layer of protection against unauthorized access so it is important to use it, even with the caveat of inconveniencing the user.
Additional Resources
- RIT Quaestor - MFA Fatigue at RIT
- Living Security - MFA Fatigue Video (external)
- Duo - Explaining MFA (external)
- Duo - MFA Fatigue (external)