They work because MFA often assumes a legitimate user will distinguish a real prompt from an attacker-generated one. When attackers can trigger repeated notifications, the control becomes a behaviour test rather than a cryptographic barrier, and the human is the weakest part of the chain.
Why This Matters for Security Teams
MFA fatigue attacks succeed because deploying MFA does not guarantee resilience. If the factor is a push notification or approval prompt, the control can be worn down by repetition, social engineering, or user confusion until a legitimate person approves an attacker session. That is why this is an identity assurance problem, not just a checkbox problem. NHIMG’s Ultimate Guide to NHIs shows how identity failures remain widespread, and the same pattern applies when human workflows are exposed to attacker-driven pressure.
The issue is amplified when MFA is treated as a final gate instead of one control in a layered access path. Modern guidance from CISA cyber threat advisories consistently shows that adversaries combine credential theft, prompt bombing, and help desk abuse to bypass weak approval flows. In practice, many security teams encounter MFA fatigue only after a valid session has already been established and the attacker has begun moving laterally.
How It Works in Practice
MFA fatigue attacks exploit the gap between authentication and user judgment. The attacker first obtains a username and password, then triggers repeated MFA prompts until the target accepts one out of annoyance, distraction, or fear that they are blocking legitimate work. The control has technically “worked” by asking for approval, but the decision point has been shifted onto a human under pressure.
Current guidance suggests treating this as a prompt-quality and authorization design problem. Push MFA remains useful, but it should be paired with number matching, device binding, phishing-resistant factors, and risk-based policies that can suppress repeated prompts. Frameworks such as NIST digital identity guidance and the MITRE ATLAS adversarial AI threat matrix both reflect the broader lesson: authentication must be resilient to adversarial interaction, not merely compliant in a nominal sense.
- Use phishing-resistant MFA where possible, especially FIDO2 or platform-bound authenticators.
- Rate-limit repeated prompts and alert on abnormal approval bursts.
- Bind approvals to device, location, and session context so a prompt alone is not enough.
- Require step-up verification for high-risk actions rather than every login.
- Instrument help desk and identity logs so prompt bombing is visible as an attack pattern.
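The following is an added example, not code from the original article or from any identity provider: a minimal push-MFA verifier that implements two of the controls listed above, number matching and suppression of repeated prompts, with a device-binding check on approval. The class names, thresholds (three prompts per five minutes, fifteen-minute suppression) and the timestamp inputs are all assumptions chosen for illustration.

```python
# Added example (not from the original article): a push-MFA verifier that
# rate-limits prompt issuance and requires number matching plus a bound device.
# Class names, thresholds and the use of plain integer timestamps are assumptions.
from collections import deque
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class PushMfaPolicy:
    max_prompts: int = 3        # prompts a user may receive inside one window
    window_seconds: int = 300   # sliding window used to count prompts
    lockout_seconds: int = 900  # how long prompts stay suppressed once the limit is hit


class PushMfaVerifier:
    def __init__(self, policy=None):
        self.policy = policy or PushMfaPolicy()
        self.prompts = {}           # user -> deque of prompt timestamps in the window
        self.suppressed_until = {}  # user -> timestamp until which prompts are refused
        self.pending = {}           # user -> number the authenticator app displayed

    def request_prompt(self, user, now):
        """Issue a push challenge, or refuse it when the user is being prompt-bombed.

        Returns ("prompted", number) or ("suppressed", None). The number is what the
        user must type into the approval screen (number matching), so an attacker who
        only sees the prompt arrive cannot approve it by tapping "yes".
        """
        if now < self.suppressed_until.get(user, 0):
            return ("suppressed", None)
        recent = self.prompts.setdefault(user, deque())
        while recent and now - recent[0] > self.policy.window_seconds:
            recent.popleft()                      # drop prompts outside the window
        if len(recent) >= self.policy.max_prompts:
            # Too many prompts in the window: stop prompting instead of wearing the user down.
            self.suppressed_until[user] = now + self.policy.lockout_seconds
            recent.clear()
            return ("suppressed", None)
        recent.append(now)
        number = secrets.randbelow(100)           # two-digit matching code shown to the user
        self.pending[user] = number
        return ("prompted", number)

    def approve(self, user, entered_number, device_bound):
        """Accept an approval only if the device is registered and the number matches.

        The pending challenge is consumed on the first attempt, whatever the outcome,
        so a wrong entry cannot be retried against the same prompt.
        """
        expected = self.pending.pop(user, None)
        if expected is None:
            return "no_pending_prompt"
        if not device_bound:
            return "denied_unbound_device"
        if entered_number != expected:
            return "denied_number_mismatch"
        return "approved"


if __name__ == "__main__":
    # Constructed walk-through: three prompts are allowed, the fourth is suppressed.
    verifier = PushMfaVerifier()
    for t in (1000, 1010, 1020, 1030):
        print(t, verifier.request_prompt("alice", t)[0])
```

The suppression window means an attacker holding a valid password cannot keep generating prompts; after the limit, the correct operational response is an alert and a help-desk verification step rather than more notifications.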
NHIMG’s 52 NHI Breaches Analysis is a useful reminder that identity compromise often spreads through weak operational controls after the first foothold. These controls tend to break down when approvals are routed to mobile devices during high-alert periods because users confuse urgency with legitimacy.
Common Variations and Edge Cases
Tighter MFA policy often increases user friction and help desk load, requiring organisations to balance stronger resistance against operational speed. That tradeoff is real, but it does not justify leaving push approvals as the only protection for sensitive systems. Best practice is evolving toward risk-aware authentication, yet there is no universal standard for how aggressively prompts should be suppressed across every environment.
Some environments need special handling. Shared service desks, VIP users, and contractors often receive more frequent prompt traffic, which makes fatigue attacks harder to detect unless identity telemetry is correlated with endpoint and session signals. In regulated or high-availability settings, teams should consider whether a stolen session token, not the MFA prompt itself, is the bigger issue. In those cases, the stronger control is not more notifications but shorter sessions, device trust, and tighter conditional access. NHIMG’s Top 10 NHI Issues underscores the same operational reality: weak lifecycle controls and excessive trust create durable exposure long after the initial compromise.
For incident response, the decisive question is whether the organisation can detect repeated denial-to-approval patterns before access is used. If not, the MFA control is functioning as a nuisance layer, not a barrier.
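As an added example (not part of the original article, and not tied to any particular identity provider's log schema), the detection logic below covers the two patterns the guidance asks for: the "abnormal approval bursts" from the control list earlier and the denial-to-approval sequence named here. The JSON-lines log format, its field names (`ts`, `user`, `event`, `result`, `ip`), the thresholds and the sample events are all constructed; map the fields to the push-result records your IdP actually emits before using it.

```python
# Added example (not from the original article): detection of prompt-bombing
# patterns over sign-in telemetry. Log format, field names, thresholds and the
# sample events are constructed for illustration.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: bob denies three pushes within two minutes and then
# approves the fourth; carol's lone denial and later approval are hours apart.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:00Z","user":"alice","event":"mfa_push","result":"approved","ip":"10.0.0.5"}
{"ts":"2024-05-01T09:02:10Z","user":"bob","event":"mfa_push","result":"denied","ip":"203.0.113.7"}
{"ts":"2024-05-01T09:02:40Z","user":"bob","event":"mfa_push","result":"denied","ip":"203.0.113.7"}
{"ts":"2024-05-01T09:03:15Z","user":"bob","event":"mfa_push","result":"denied","ip":"203.0.113.7"}
{"ts":"2024-05-01T09:03:50Z","user":"bob","event":"mfa_push","result":"approved","ip":"203.0.113.7"}
{"ts":"2024-05-01T09:30:00Z","user":"carol","event":"mfa_push","result":"denied","ip":"10.0.0.9"}
{"ts":"2024-05-01T11:30:00Z","user":"carol","event":"mfa_push","result":"approved","ip":"10.0.0.9"}
"""


def parse_events(text):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def _pushes_by_user(events):
    by_user = defaultdict(list)
    for event in events:
        if event["event"] == "mfa_push":
            by_user[event["user"]].append(event)
    return by_user


def detect_prompt_bombing(events, min_denials=2, window=timedelta(minutes=10)):
    """One alert per approval that was preceded by >= min_denials denials in the window.

    This is the denial-to-approval pattern: the user said no repeatedly, then gave in.
    """
    alerts = []
    for user, pushes in _pushes_by_user(events).items():
        for i, push in enumerate(pushes):
            if push["result"] != "approved":
                continue
            denials = [p for p in pushes[:i]
                       if p["result"] == "denied" and push["ts"] - p["ts"] <= window]
            if len(denials) >= min_denials:
                alerts.append({
                    "user": user,
                    "denials_before_approval": len(denials),
                    "approved_at": push["ts"].isoformat(),
                    # Source addresses help IR tell a confused user from an attacker session.
                    "source_ips": sorted({p["ip"] for p in denials} | {push["ip"]}),
                })
    return alerts


def detect_prompt_bursts(events, max_prompts=3, window=timedelta(minutes=10)):
    """Return {user: peak_count} for users who received more than max_prompts pushes
    inside any sliding window, regardless of how they answered."""
    flagged = {}
    for user, pushes in _pushes_by_user(events).items():
        times = [p["ts"] for p in pushes]
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > max_prompts:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for alert in detect_prompt_bombing(parsed):
        print("denial-to-approval:", alert)
    print("bursts:", detect_prompt_bursts(parsed))
```

Run against the constructed sample, the burst detector flags bob (four prompts in under two minutes) and the denial-to-approval detector raises one alert for bob's final approval; carol is not flagged because her two prompts fall outside the window. In production the same two checks would run as a scheduled query against the IdP's sign-in log, and the denial-to-approval alert is the one that should page, since it means access has probably already been granted.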
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-1 | Identity proofing and auth assurance are central to resisting MFA fatigue. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Identity abuse patterns map to weak credential and session protections. |
| NIST AI RMF | | Risk governance helps teams design controls resilient to adversarial prompting. Use AI RMF risk practices to evaluate auth flows for adversarial manipulation and user harm. |