TL;DR: MFA prompt bombing turns repeated push notifications into a social engineering path to account takeover, succeeding through persistence, user fatigue, and stolen credentials rather than cryptographic failure, according to Ping Identity. The lesson is that push MFA without number matching, context, and risk scoring leaves approval itself as the weak link.
At a glance
What this is: This is an analysis of MFA prompt fatigue attacks and how repeated push requests can convert stolen credentials into account takeover.
Why it matters: It matters because IAM teams need controls that reduce approval abuse across human identity today while also anticipating similar trust failures in machine and agent access flows.
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Context
MFA prompt fatigue is a user-trust problem, not a crypto problem. The attacker already has stolen credentials, then uses repeated prompts to wear down the human decision point that push-based MFA depends on.
That makes the issue directly relevant to identity governance, because approval-based controls assume the user is alert, present, and able to judge each request in context. Once that assumption weakens, the authentication workflow itself becomes the attack surface.
The same pattern also helps explain why identity programmes need to move beyond simple prompt frequency controls and toward stronger verification, device context, and phishing-resistant methods such as FIDO2.
Key questions
Q: How should security teams stop MFA prompt bombing on push-based authentication?
A: Start by limiting prompt volume, then add contextual details such as device, location, and time so users can spot suspicious activity. For higher-risk accounts, move to number matching or phishing-resistant methods like FIDO2. The goal is to reduce the chances that a tired user becomes the final control.
Q: Why do repeated MFA prompts increase account takeover risk?
A: Repeated prompts exploit decision fatigue. Once an attacker already has a password, the remaining barrier is often a user’s willingness to approve one more request. The more often the user is interrupted, the more likely a false approval becomes, especially when the prompt looks routine and offers no context.
Q: What do security teams get wrong about push-based MFA?
A: They often treat the presence of MFA as equivalent to strong assurance. In reality, plain push approval can be socially engineered if the attacker can keep triggering requests. Stronger assurance comes from reducing prompt volume, adding context, and using factors that cannot be remotely spammed.
Q: Who should move to phishing-resistant MFA first?
A: Privileged users should move first, especially administrators, help desk staff, and executives. These accounts are both high value and highly targeted, so reducing the attack surface there delivers the greatest risk reduction. Organisations should use the transition to retire approval habits that attackers can exploit.
Technical breakdown
How prompt bombing converts stolen credentials into access
Prompt bombing starts after the attacker obtains valid credentials, usually through phishing, credential stuffing, or a breach. The login attempt is then repeated to generate a stream of MFA prompts. The system is not being broken at the protocol layer. Instead, the attacker is applying pressure to the user until one approval is granted. That approval satisfies the MFA challenge and turns the original credential compromise into a live session. The weakness is the human approval loop, not encryption or token issuance.
Practical implication: detect repeated authentication attempts as an attack sequence, not as harmless login noise.
Why push-based MFA is vulnerable to approval fatigue
Push MFA assumes users can safely distinguish legitimate prompts from malicious ones in real time. In practice, fatigue, distraction, and annoyance reduce that ability. The attack works because the prompt itself is familiar, so users tend to treat it as routine. Once enough prompts arrive, the user may approve simply to stop the interruption. Number matching, contextual prompts, and device trust reduce that blind approval risk by forcing active evaluation rather than reflexive acceptance.
Practical implication: replace plain push approval with controls that force user attention before access is granted.
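To make the difference between tap-to-approve push and number matching concrete, here is an added example (not Ping Identity's or NHIMG's code) of a minimal push-MFA service that refuses to issue more than a few prompts per user per window and only accepts an approval when the authenticator submits the number displayed on the login screen. The class and method names, and the threshold values, are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_PROMPTS_PER_WINDOW = 3   # assumed policy: push prompts per user per window
WINDOW_SECONDS = 300         # assumed rate-limit window for prompt flooding
CHALLENGE_TTL_SECONDS = 60   # assumed: unanswered challenges expire
MAX_MATCH_FAILURES = 3       # assumed: wrong numbers before the challenge is dead

@dataclass
class Challenge:
    user: str
    number: str      # two digits shown on the login screen only, never sent in the push
    context: dict    # IP, device, location, time that the push shows to the user
    created: float
    failures: int = 0
    used: bool = False

class PushMfaService:
    def __init__(self, now=time.time):
        self.now = now
        self.prompt_times = {}   # user -> recent prompt timestamps
        self.challenges = {}     # challenge id -> Challenge

    def request_prompt(self, user, context):
        """Issue a number-matching challenge, or None if the user is being flooded."""
        t = self.now()
        recent = [x for x in self.prompt_times.get(user, []) if t - x < WINDOW_SECONDS]
        self.prompt_times[user] = recent
        if len(recent) >= MAX_PROMPTS_PER_WINDOW:
            return None          # caller should log this as possible prompt bombing
        recent.append(t)
        cid = secrets.token_urlsafe(16)
        self.challenges[cid] = Challenge(user, f"{secrets.randbelow(100):02d}", context, t)
        return cid

    def login_screen_number(self, cid):
        return self.challenges[cid].number   # rendered on the browser/login page only

    def authenticator_respond(self, cid, entered_number):
        """Approve only if the number typed into the authenticator matches the login screen."""
        ch = self.challenges.get(cid)
        if ch is None or ch.used or ch.failures >= MAX_MATCH_FAILURES \
                or self.now() - ch.created > CHALLENGE_TTL_SECONDS:
            return False
        if not hmac.compare_digest(ch.number, entered_number):
            ch.failures += 1     # plain tap-to-approve push has no equivalent of this check
            return False
        ch.used = True           # single use: a replayed approval is rejected
        return True
```

An attacker who only has the password cannot see the login-screen number, so flooding the authenticator no longer produces a usable approval, and the prompt limit caps the flood itself.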
Why risk-based and phishing-resistant authentication change the game
Risk-based authentication changes when and how MFA is triggered by using context such as device, location, and time of day. That reduces unnecessary prompts and makes unusual access patterns easier to challenge. Phishing-resistant methods such as FIDO2 go further by removing the approval habit entirely and binding authentication to a physical or biometric factor that cannot be remotely spammed. In governance terms, this shifts MFA from a user patience test to a stronger assurance model.
Practical implication: prioritise phishing-resistant MFA for privileged and high-risk accounts first.
Threat narrative
Attacker objective: The attacker aims to convert stolen credentials into interactive account access and then use that foothold for takeover, movement, or exfiltration.
- Entry: The attacker begins with stolen credentials obtained through phishing, breach reuse, or credential stuffing.
- Escalation: Repeated login attempts trigger a flood of MFA prompts that pressure the user into approving one request.
- Impact: The approved challenge gives the attacker a valid session that can be used for lateral movement or data theft.
Breaches seen in the wild
- MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
- iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Approval fatigue is a human governance failure, not an MFA product failure. Push-based authentication assumes users can reliably assess each prompt under pressure. Once attackers can repeat requests quickly enough, the control starts measuring exhaustion rather than legitimacy. The implication is that approval-based MFA must be treated as a weak trust boundary unless it is paired with stronger context and phishing-resistant factors.
Contextual authentication is now the minimum viable defence, not an enhancement. The article’s own prevention logic points to the real issue: a prompt without device, location, and behavioural context is just a yes-or-no gate. IAM teams should read that as a sign that access decisions need more than a shared mobile notification channel. Practical conclusion: approval workflows that do not expose context are too easy to socially engineer.
Named concept: approval debt. MFA fatigue creates a standing obligation for users to make repeated trust decisions under stress, and attackers exploit that debt until one approval clears the path. This is a governance problem because the organisation is effectively outsourcing authentication assurance to user patience. Practical conclusion: reduce the number of decisions a user must make before access is granted.
Phishing-resistant authentication belongs in the privileged path first. The article correctly highlights FIDO2 because the highest-value accounts are the ones most likely to be targeted with prompt bombing. That is especially true for administrators, help desk staff, and executives. Practical conclusion: identity teams should treat passwordless and hardware-bound authentication as a control priority for privileged users, not a universal future-state exercise.
This attack also foreshadows a broader identity problem across machine and agent access. Human prompt fatigue is one version of a wider issue: once access decisions are reduced to repeated accept/deny moments, attackers look for the easiest approval surface. That same governance weakness can appear in NHI and autonomous workflows when access is trusted too long or too casually. Practical conclusion: review every approval-based control for decision fatigue, not just user convenience.
From our research:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- For a broader control baseline, Top 10 NHI Issues explains where over-privilege and unmanaged credentials typically start to accumulate.
What this signals
Approval debt: MFA fatigue is a reminder that any identity control built around repeated human consent can be stressed into failure. Once a process depends on user patience as a security mechanism, the organisation has already weakened its assurance model. Teams should review where approval volume, not actual trust, is driving access outcomes.
The practical signal is to move high-risk users off plain push approval and into phishing-resistant authentication, while also tightening alerting on repeated prompt sequences. For identity programmes that still rely on user judgement at the edge, the design question is not whether MFA exists, but whether it can survive deliberate pressure.
The same pattern matters beyond human logins. As NHIs and agentic workflows become more interactive, identity teams need to ask where approval loops, standing trust, or delayed review create comparable exploitation windows. The control lesson is to reduce repetitive trust decisions across every actor type, not just for employees.
For practitioners
- Instrument repeated-prompt detection: Alert on more than a small burst of MFA requests for the same user, especially when denials are followed by a successful approval. Correlate prompt volume with device and location anomalies so the signal is treated as active pressure, not routine login activity.
- Add context to every approval request: Expose IP address, device type, browser, timestamp, and location in the prompt flow so users can make an informed decision. If the notification does not show enough context to be judged, it is too weak to serve as the primary trust check.
- Deploy number matching before broad push use: Use number matching for accounts that still depend on push-based MFA. It forces the user to engage with both the login screen and the authenticator, which materially reduces reflexive approval and makes flooding less effective.
- Prioritise FIDO2 for high-risk roles: Move administrators, support staff, and other privileged users to phishing-resistant authentication first. These roles are the most likely to be targeted by prompt bombing and benefit most from a factor that cannot be spammed remotely.
- Train users to treat repetitive prompts as an incident: Teach employees to deny unexpected requests, report the event, and stop using the account until the request pattern is reviewed. User education should focus on prompt repetition, odd timing, and unfamiliar context rather than generic MFA awareness.
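The detection logic from the first practitioner item and the "attack sequence, not login noise" point in the technical breakdown, as an added example that is not part of the original post or of Ping Identity's tooling: it runs over a constructed set of push-MFA events and flags prompt bursts, approvals that follow denials, and approvals from an IP/device pair never seen on that user's clean logins. The event format, thresholds, and `known_devices` structure are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample push-MFA events (time, user, result, source IP, device); not real logs.
SAMPLE_EVENTS = [
    ("2025-02-21T08:01:00Z", "alice", "denied",   "203.0.113.5",  "Windows/Chrome"),
    ("2025-02-21T08:01:30Z", "alice", "denied",   "203.0.113.5",  "Windows/Chrome"),
    ("2025-02-21T08:02:00Z", "alice", "denied",   "203.0.113.5",  "Windows/Chrome"),
    ("2025-02-21T08:02:30Z", "alice", "denied",   "203.0.113.5",  "Windows/Chrome"),
    ("2025-02-21T08:03:40Z", "alice", "approved", "203.0.113.5",  "Windows/Chrome"),
    ("2025-02-21T09:15:00Z", "bob",   "approved", "198.51.100.7", "iPhone/PingID"),
    ("2025-02-21T22:00:00Z", "carol", "denied",   "203.0.113.9",  "Linux/Firefox"),
    ("2025-02-21T22:00:40Z", "carol", "denied",   "203.0.113.9",  "Linux/Firefox"),
    ("2025-02-21T22:01:10Z", "carol", "denied",   "203.0.113.9",  "Linux/Firefox"),
]
BURST_THRESHOLD = 3            # assumed: prompts within WINDOW that count as pressure
WINDOW = timedelta(minutes=5)  # assumed: tune to the tenant's normal prompt rate

def parse(ev):
    t, user, result, ip, device = ev
    return {"time": datetime.strptime(t, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
            "result": result, "ip": ip, "device": device}

def detect_prompt_bombing(events, known_devices):
    """Return {user: {"severity", "reasons"}}; known_devices maps user -> {(ip, device)}."""
    by_user = defaultdict(list)
    for ev in sorted(map(parse, events), key=lambda e: e["time"]):
        by_user[ev["user"]].append(ev)
    findings = {}
    for user, evs in by_user.items():
        reasons = []
        # Peak prompt density: most prompts starting inside any WINDOW-long span.
        peak = max(sum(1 for e in evs if timedelta(0) <= e["time"] - s["time"] <= WINDOW) for s in evs)
        if peak >= BURST_THRESHOLD:
            reasons.append(f"{peak} prompts within {int(WINDOW.total_seconds() // 60)} min")
        denials = 0
        for e in evs:
            if e["result"] == "denied":
                denials += 1
            elif e["result"] == "approved":
                if denials:   # a denial streak ending in approval is the classic fatigue signature
                    reasons.append(f"approval after {denials} denials")
                if (e["ip"], e["device"]) not in known_devices.get(user, set()):
                    reasons.append(f"approval from unseen {e['device']} at {e['ip']}")
        if reasons:   # an actual approval under pressure outranks a burst that was only denied
            approved = any(r.startswith("approval") for r in reasons)
            findings[user] = {"severity": "high" if approved else "medium", "reasons": reasons}
    return findings
```

A "high" finding should trigger session revocation and user contact, while a "medium" burst with no approval is the moment to reach the user before fatigue does.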
Key takeaways
- MFA prompt bombing succeeds by wearing down human decision-making, not by breaking cryptography.
- Repeated denials, sudden approvals, and odd device or location shifts are the clearest early warning signs.
- Number matching, contextual prompts, risk-based access, and FIDO2 materially reduce approval abuse.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST SP 800-63, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST SP 800-63 | AAL2 | Push approval alone may not sustain strong authenticator assurance. |
| NIST CSF 2.0 | PR.AA-5 | MFA prompt bombing exploits weak authentication assurance. |
| NIST Zero Trust (SP 800-207) | ID.AM | Zero Trust depends on continuous verification, not repeated blind prompts. |
Use phishing-resistant authenticators where user approval can be socially engineered.
Key terms
- MFA Prompt Bombing: A social engineering attack that overwhelms a user with repeated authentication prompts until one is approved. The control failure is not in the MFA protocol itself, but in the human approval loop that the protocol depends on for final confirmation.
- Number Matching: An MFA verification method that requires the user to enter or select a displayed number to complete authentication. It reduces accidental approval by forcing active correlation between the login attempt and the authenticator, which makes flooding attacks harder to exploit.
- Risk-Based Authentication: An adaptive authentication approach that changes the challenge based on signals such as device, location, behaviour, and time. It helps reduce unnecessary prompts and increases assurance when access conditions look abnormal or inconsistent with the user’s usual pattern.
- Phishing-Resistant Authentication: Authentication designed so an attacker cannot easily trick or remotely trigger the factor into approving access. FIDO2 is the best-known example because it binds the login to a physical or biometric action rather than a push approval that can be spammed.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Ping Identity: How to Detect & Prevent MFA Prompt Fatigue Attacks. Read the original.
Published by the NHIMG editorial team on 2025-02-21.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org