Threats, Abuse & Incident Response

What breaks when push-based MFA is exposed to repeated notification attacks?

By NHI Mgmt Group Editorial Team Updated June 12, 2026 Domain: Threats, Abuse & Incident Response

The control breaks when approval becomes automatic instead of deliberate. Repeated prompts can condition users to accept one just to stop the noise, which means the second factor no longer proves genuine intent. In that state, the attacker is no longer defeating MFA cryptographically. They are exploiting the approval workflow itself.

Why This Matters for Security Teams

Push-based MFA is often deployed as a user-friendly step-up control, but repeated notification attacks turn convenience into weakness. Once an attacker can spam approval prompts, the user is pressured to make the noise stop, not to verify the login. That shifts the failure from authentication strength to human fatigue and workflow design. Current guidance increasingly treats push fatigue as an operationally exploitable condition, not just a social engineering trick, as reflected in the Ultimate Guide to NHIs — Key Challenges and Risks and CISA cyber threat advisories.

The security issue is not that MFA is broken cryptographically, but that repeated prompts can train users into reflexive approval. In practice, that means an attacker may only need persistence, timing, and a valid primary credential to succeed. NHIMG’s research on identity abuse shows how quickly operational gaps become compromise pathways, including the broader pattern documented in the 52 NHI Breaches Analysis. Many security teams first encounter push fatigue only after an account has already been taken over, rather than through deliberate testing of the approval workflow.

How It Works in Practice

Repeated notification attacks work by abusing the psychology of the approval screen. The attacker first obtains the victim’s primary factor, then triggers a burst of login attempts that generate multiple push prompts. Each prompt looks legitimate enough to create doubt, but the volume is the actual weapon. Over time, the user may approve one request out of confusion, habit, or simple exhaustion. That is why push-based MFA is better understood as a human-in-the-loop control than as a pure cryptographic guarantee.

Security teams should separate the authentication event from the approval channel. Practical mitigations include number matching, phishing-resistant authenticators, risk-based step-up rules, and rate-limiting repeated prompts. Where possible, align controls to guidance from the Anthropic AI-orchestrated cyber espionage report and the MITRE ATLAS adversarial AI threat matrix, which both reinforce that attacker workflows adapt quickly to control design. NHIMG’s Ultimate Guide to NHIs — Why NHI Security Matters Now also shows why weak identity operations compound exposure when credentials and approval paths are both under pressure.

  • Use number matching or challenge codes instead of simple approve or deny prompts.
  • Suppress duplicate notifications after the first failed attempt and alert the user through a separate channel.
  • Require phishing-resistant MFA for privileged and remote access.
  • Correlate repeated prompts with impossible travel, new device, or unusual session context.
  • Escalate to help desk verification when prompt volume crosses a defined threshold.
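As an added illustration of the rate-limiting, number-matching, suppression and context-correlation items above (example code written for this page, not NHIMG's code or any IdP vendor's API), the gate below assumes an IdP calls request_prompt when a valid primary credential asks for a push and approve when the app returns the code the user typed; the thresholds, user names, timestamps and device values are all constructed.

```python
import secrets
from collections import defaultdict

# Constructed policy values; tune per environment. Timestamps are epoch seconds.
WINDOW_S = 600     # look-back for counting prompts sent to one user
MAX_PROMPTS = 3    # prompts allowed per window before suppression


class PushGate:
    """Rate-limits push prompts per user, issues a number-matching code,
    and records prompt bursts and new-device logins for out-of-band alerting."""

    def __init__(self, window_s=WINDOW_S, max_prompts=MAX_PROMPTS):
        self.window_s, self.max_prompts = window_s, max_prompts
        self.sent = defaultdict(list)          # user -> times of prompts actually sent
        self.pending = {}                      # user -> (code, login context) awaiting reply
        self.known_devices = defaultdict(set)  # user -> devices seen in approved logins
        self.alerts = []                       # (user, ts, reason) for SOC / help desk

    def request_prompt(self, user, ts, ctx):
        """IdP hook: a valid primary credential is asking for a push prompt."""
        recent = [t for t in self.sent[user] if ts - t <= self.window_s]
        self.sent[user] = recent
        if len(recent) >= self.max_prompts:
            # Burst: send no further push; alert the user through a separate channel.
            self.alerts.append((user, ts, "prompt-burst"))
            return "suppress"
        if self.known_devices[user] and ctx["device"] not in self.known_devices[user]:
            self.alerts.append((user, ts, "new-device"))  # worth a ticket even if approved
        code = f"{secrets.randbelow(100):02d}"  # shown on the login screen, typed in the app
        self.sent[user].append(ts)
        self.pending[user] = (code, ctx)
        return "prompt"

    def approve(self, user, entered_code):
        """App hook: a bare approve tap cannot succeed; the matching code is required."""
        if user not in self.pending:
            return "rejected:no-pending-prompt"
        code, ctx = self.pending.pop(user)  # one attempt per prompt, right or wrong
        if not secrets.compare_digest(code, entered_code):
            return "rejected:code-mismatch"
        self.known_devices[user].add(ctx["device"])
        return "approved"


def sample_burst():
    """Constructed burst: four push requests for one user within two minutes."""
    gate = PushGate()
    ctx = {"device": "unknown-laptop", "ip": "203.0.113.7"}  # constructed values
    return [gate.request_prompt("alice", 1000 + 30 * i, ctx) for i in range(4)], gate
```

The fourth request in sample_burst is suppressed and lands in gate.alerts instead of on the user's phone, and a wrong code consumes the pending prompt so the attacker cannot keep the same prompt alive while the user is pressured.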

These controls tend to break down in environments with shared devices, high alert fatigue, or legacy identity platforms that cannot suppress repeated prompts or enforce context-aware approval.

Common Variations and Edge Cases

Tighter MFA controls often increase user friction and support overhead, requiring organizations to balance lockout resistance against usability and recovery time. That tradeoff is why current guidance suggests treating repeated prompts as a signal to escalate risk, not as proof the user is present. Best practice is still evolving, and there is no universal standard for how many prompts should trigger lockout, soft block, or step-up verification.

One edge case is legitimate retry storms caused by mobile sync issues, token drift, or misconfigured identity providers. Another is privileged access, where approval fatigue is especially dangerous because one mistaken tap can expose sensitive systems. In these cases, organizations should pair MFA hardening with session controls, conditional access, and tighter administrative workflows. For broader identity context, NHIMG’s Top 10 NHI Issues and 52 NHI Breaches Analysis both underline a common lesson: once identity workflows are noisy, attackers need less technical sophistication and more persistence.

Where push-based MFA is still unavoidable, security teams should treat it as one layer in a broader authentication chain, not as the final control. The right question is not whether the push was delivered, but whether the approval was deliberate, contextual, and resistant to coercion.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Repeated prompts expose weak identity workflow and approval abuse. |
| NIST CSF 2.0 | PR.AC-7 | Validates access based on context, not just a successful prompt. |
| NIST AI RMF | GOVERN | Governance is needed for identity controls that fail under human fatigue. |

Reduce approval fatigue by enforcing phishing-resistant, time-bound authentication paths and alerting on anomalous prompt bursts.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 12, 2026.