
Why do MFA fatigue attacks still work in mature IAM programmes?

By NHI Mgmt Group Editorial Team Updated June 7, 2026 Domain: Threats, Abuse & Incident Response

They work because many programmes assume a user will reliably reject suspicious prompts. Once an attacker can trigger enough notifications, the control becomes dependent on attention, timing, and judgment. That makes it vulnerable even when the underlying MFA mechanism is correctly configured.

Why This Matters for Security Teams

MFA fatigue attacks succeed because the control is often treated as a one-time gate instead of an ongoing human decision made under pressure. Mature IAM programmes may have strong policy, logging, and conditional access, yet still depend on a user noticing repeated prompts and making the correct choice in the moment. That human step is precisely what attackers target.

This matters because the failure is not usually in MFA configuration. It is in the operational assumption that attention, judgment, and response time will remain reliable during an active attack. Guidance from the CISA cyber threat advisories continues to show that adversaries combine prompt spam with social engineering, help desk abuse, and credential replay to push past otherwise sound identity controls. NHIMG’s 52 NHI Breaches Analysis is a useful reminder that identity compromise often becomes visible only after access has already been misused, not at the moment the control is triggered.

In practice, many security teams encounter MFA fatigue only after an attacker has already found a user willing to approve one prompt too many.

How It Works in Practice

Fatigue attacks work by turning a strong authentication factor into a noisy, time-based pressure tactic. An attacker first obtains a valid primary credential, then repeatedly triggers MFA requests until the target approves one out of frustration, distraction, or confusion. The attacker does not need to break the MFA protocol itself; they only need a moment when the user’s behavior becomes the weakest link.

Defensive maturity depends on reducing that behavioral dependency. Current guidance suggests pairing MFA with controls that make approval harder to abuse: number matching, device binding, phishing-resistant authenticators, risk-based step-up, and alerting on anomalous push volume. Where possible, organisations should use CISA cyber threat advisories and vendor-agnostic guidance to prioritise phishing-resistant methods such as FIDO2/WebAuthn over simple push approval. For broader identity governance context, NHIMG’s Ultimate Guide to NHIs — Key Challenges and Risks is relevant because it frames a common pattern: security teams often secure the mechanism but not the surrounding workflow that attackers actually exploit.

  • Limit repeated prompts and flag unusual bursts as a high-confidence signal of attack.
  • Use phishing-resistant MFA where user approval alone is not sufficient.
  • Bind authentication to a known device or verified session context.
  • Escalate or lock out on abnormal prompt frequency rather than waiting for user judgment.
  • Train service desk and SOC teams to treat MFA spam as an active intrusion indicator.
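
The first, fourth and fifth controls above (limit repeated prompts, escalate on abnormal prompt frequency, treat MFA spam as an intrusion indicator) can be turned into a concrete SOC detection. The following Python is an added illustration written for this FAQ, not code from NHIMG or from any identity provider. The log format, the event names (push_sent, push_denied, push_approved), the ten-minute window and the thresholds are all constructed assumptions; a real deployment would map its IdP's sign-in log fields onto the same two signals: a burst of push prompts to one user, and an approval that follows several denials in the same window.

```python
"""Detect MFA push-prompt bursts and approve-after-repeated-denials patterns.

Added illustration for the controls listed above; not NHIMG's or any vendor's code.
Log format, event names, window and thresholds are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one per line: "<ISO timestamp> <user> <event>".
# alice is being prompt-spammed and finally approves; bob has two normal logins.
SAMPLE_LOG = """\
2026-06-07T08:00:00Z alice push_sent
2026-06-07T08:00:45Z alice push_denied
2026-06-07T08:01:10Z alice push_sent
2026-06-07T08:01:40Z alice push_denied
2026-06-07T08:02:05Z alice push_sent
2026-06-07T08:02:30Z alice push_denied
2026-06-07T08:03:00Z alice push_sent
2026-06-07T08:03:20Z alice push_approved
2026-06-07T08:00:10Z bob push_sent
2026-06-07T08:00:30Z bob push_approved
2026-06-07T09:15:00Z bob push_sent
2026-06-07T09:15:20Z bob push_approved
"""

WINDOW = timedelta(minutes=10)   # sliding window length (assumption)
BURST_THRESHOLD = 3              # prompts within the window that count as a burst (assumption)
DENIALS_BEFORE_APPROVE = 2       # denials within the window that make an approval suspicious


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, event) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event))
    events.sort(key=lambda e: e[0])
    return events


def detect_fatigue(events, window=WINDOW, burst_threshold=BURST_THRESHOLD,
                   denials_before_approve=DENIALS_BEFORE_APPROVE):
    """Return findings as (user, timestamp, kind, detail) tuples.

    kind is "push_burst" when a user receives burst_threshold prompts inside the
    window, and "approve_after_denials" when an approval follows at least
    denials_before_approve denials inside the window (the classic fatigue outcome).
    """
    sent = defaultdict(deque)    # per-user timestamps of prompts in the window
    denied = defaultdict(deque)  # per-user timestamps of denials in the window
    findings = []
    for ts, user, event in events:
        # Evict entries that have aged out of the sliding window.
        for q in (sent[user], denied[user]):
            while q and ts - q[0] > window:
                q.popleft()
        if event == "push_sent":
            sent[user].append(ts)
            # Report once, when the count crosses the threshold, not on every extra prompt.
            if len(sent[user]) == burst_threshold:
                findings.append((user, ts, "push_burst",
                                 f"{burst_threshold} prompts within {window}"))
        elif event == "push_denied":
            denied[user].append(ts)
        elif event == "push_approved":
            if len(denied[user]) >= denials_before_approve:
                findings.append((user, ts, "approve_after_denials",
                                 f"approved after {len(denied[user])} denials within {window}"))
            # An approval ends the authentication attempt; start fresh for the next one.
            sent[user].clear()
            denied[user].clear()
    return findings


def flagged_users(text):
    """Convenience wrapper: the set of users with at least one finding."""
    return {f[0] for f in detect_fatigue(parse_log(text))}


if __name__ == "__main__":
    for user, ts, kind, detail in detect_fatigue(parse_log(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user} {kind}: {detail}")
```

Run against the sample, alice produces two findings (a burst at the third prompt and an approval after three denials) and bob none, which is the shape a response playbook should key on: the burst alone is worth a lock-out or step-up, and the approve-after-denials finding should be treated as a likely compromise of that session rather than a user error.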

These controls tend to break down in high-interruption environments, such as 24/7 operations centers, when users are conditioned to approve frequent legitimate prompts and the signal-to-noise ratio collapses.

Common Variations and Edge Cases

Tighter MFA controls often increase user friction and help desk load, so organisations have to balance resilience against operational convenience. There is no universal standard for this yet, but best practice is evolving toward phishing-resistant authentication and prompt suppression rather than relying on user vigilance alone.

Some environments create unusual exposure. Shared workstations, frontline operations, and high-turnover support teams can normalise repeated authentication requests, which makes fatigue attacks more effective. In delegated admin models, attackers may also exploit approval pathways that were designed for legitimate escalation but lack strong context checks. The risk is higher when MFA is the final barrier protecting broad session privileges rather than a small, tightly scoped action.

For threat context, the Anthropic report on the first AI-orchestrated cyber espionage campaign and the MITRE ATLAS adversarial AI threat matrix both reinforce a broader point: attackers increasingly automate scale, which makes notification flooding and timing-based abuse more practical. NHIMG’s 2024 Non-Human Identity Security Report also shows that 88.5% of organisations say their non-human IAM practices lag human IAM or are only on par with it, a gap that matters because weak identity habits in one domain often spill into the other.

The practical exception is high-assurance environments using hardware-bound, phishing-resistant factors with strong conditional access. In those cases, fatigue attacks are far less reliable, but organisations still need response playbooks because prompt abuse often signals that another part of the identity stack has already been compromised.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AA-5 | Covers authentication resilience against repeated prompt abuse.
OWASP Non-Human Identity Top 10 | NHI-06 | Identity abuse patterns overlap with weak token and session controls.
NIST SP 800-63 | AAL2 | Explains why stronger authenticator assurance lowers prompt-spam success.

Prefer phishing-resistant MFA and monitor repeated authentication events as an intrusion signal.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org