They work because many IAM programmes still treat user approval as a reliable trust signal. Repetition, late-night sign-ins, and multi-device notifications make the prompt easier to approve than to evaluate. When organisations depend on human attention as a security control, attackers can exploit normal exhaustion and turn it into access.
Why This Matters for Security Teams
MFA fatigue succeeds because it targets the weakest control in many modern IAM programmes: human approval under pressure. Once an attacker has a valid username and password, repeated push prompts, time-of-day distraction, and device switching can turn a legitimate factor into an access bypass. That pattern is documented repeatedly in incident research, including NHIMG coverage of identity abuse in the 52 NHI Breaches Analysis and the broader credential exposure risks outlined in the Ultimate Guide to NHIs — Key Challenges and Risks.
The issue is not that MFA is broken. It is that many programmes still assume the user can reliably distinguish a hostile prompt from a routine one. In practice, repeated notifications create habituation, and a fatigued approver becomes part of the attack path. External reporting on active intrusion tradecraft, including the CISA cyber threat advisories, continues to show that identity-based access remains a high-value target because it scales well for attackers and degrades gradually for defenders. Many security teams encounter MFA fatigue only after a help desk ticket or account takeover has already confirmed the breach.
How It Works in Practice
MFA fatigue attacks usually begin with a stolen password, session token, or password spray success. The attacker then triggers multiple approval requests until the target accepts one out of annoyance, confusion, or concern that the prompts indicate a real business event. The tactic works especially well where push approval is treated as a default trust signal rather than one control inside a broader risk decision.
Security teams reduce this risk by making approval harder to abuse and easier to verify. Current guidance suggests combining stronger authentication with phishing-resistant methods, risk-based policy, and prompt context that gives the user enough signal to make a real decision. Where possible, organisations should replace generic push approvals with number matching, device binding, location-aware checks, and step-up controls for sensitive actions. The operational lesson in NHIMG’s Top 10 NHI Issues is relevant here as well: static trust signals fail when attackers can automate pressure.
- Limit repeated MFA prompts and alert on abnormal request bursts.
- Use phishing-resistant factors where the risk justifies it.
- Bind approval to device, session, and transaction context.
- Escalate to help desk or risk review when users report prompt fatigue.
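The first control in the list above, alerting on abnormal prompt bursts, and the "approval after a run of denials" pattern described in the previous paragraph can be checked directly in authentication logs. The following is an added example written for this page, not NHIMG's code or any vendor's tooling; the log line format, field names and the window/threshold values are assumptions, and the log lines are constructed.

```python
"""Detect MFA push-bombing bursts in authentication logs (added example).

Assumptions: one event per line as "<ISO timestamp> <user> push=<result>",
a 10-minute sliding window, and 4+ prompts per user inside it counting as a
burst. Real deployments would read the IdP's own event format instead.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is bombed late at night and finally approves;
# bob has two ordinary, well-separated approvals.
SAMPLE_LOG = """\
2024-05-01T02:10:05Z alice push=denied
2024-05-01T02:10:41Z alice push=denied
2024-05-01T02:11:12Z alice push=timeout
2024-05-01T02:11:50Z alice push=denied
2024-05-01T02:12:30Z alice push=approved
2024-05-01T09:00:00Z bob push=approved
2024-05-01T17:30:00Z bob push=approved
"""

WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 4  # prompts per user inside WINDOW before alerting


def parse(log_text):
    """Turn the assumed log format into (timestamp, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, result = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((stamp, user, result.split("=", 1)[1]))
    return events


def find_bursts(events, window=WINDOW, threshold=BURST_THRESHOLD):
    """Return {user: (max_prompts_in_window, approved_after_burst)} for each
    user whose prompt count inside a sliding window reaches the threshold."""
    by_user = defaultdict(list)
    for stamp, user, result in sorted(events):
        by_user[user].append((stamp, result))
    alerts = {}
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window start
                start += 1
            count = end - start + 1
            if count >= threshold:
                # Highest-risk signal: an approval at the tail of a burst that
                # contained denials or timeouts, i.e. the user gave in.
                gave_in = evs[end][1] == "approved" and any(
                    r != "approved" for _, r in evs[start:end])
                prev = alerts.get(user, (0, False))
                alerts[user] = (max(prev[0], count), prev[1] or gave_in)
    return alerts
```

A `(count, True)` result is the case that warrants immediate help-desk or risk review, since it indicates the approval most likely came from exhaustion rather than a real sign-in.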
For a useful threat lens, Anthropic — first AI-orchestrated cyber espionage campaign report shows how automation can amplify human-facing security workflows, while the Microsoft Midnight Blizzard breach remains a reminder that identity compromise often starts with access, not malware. These controls tend to break down in environments that still rely on approval-only MFA for remote access, because the attacker can simply outwait or out-notify the user.
Common Variations and Edge Cases
Tighter MFA controls often increase user friction and support overhead, so organisations have to balance resilience against operational burden. That tradeoff matters because some environments need fast, low-friction access for shift work, contractors, or incident response.
Not every MFA fatigue event looks the same. In some cases, the attacker uses social engineering to pair the prompt with a fake IT call. In others, they wait for travel, late-night logins, or a user who already expects a session refresh. Best practice is evolving on whether prompt bombing should be treated primarily as an authentication issue, a monitoring issue, or a user-awareness issue. The current consensus is that it is all three.
Organisations with legacy VPNs, broad admin access, or shared service desks are especially exposed because one successful approval can unlock many downstream systems. Teams should also watch for account recovery abuse, help-desk resets, and MFA enrolment tampering, since fatigue is often only the visible step in a wider identity compromise. The larger NHI lesson from NHIMG is that identity abuse scales whenever security depends on predictable human reactions rather than context-aware enforcement.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-7 | Addresses authentication resilience and access enforcement against account takeover. |
| OWASP Agentic AI Top 10 | A2 | Push fatigue maps to weak trust decisions and identity abuse in modern AI-driven access flows. |
| NIST AI RMF | | Risk management applies to human-in-the-loop decisions that can be manipulated by attackers. |
Use stronger, phishing-resistant authentication and monitor for anomalous approval patterns.
Reviewed and updated by the NHIMG editorial team on June 23, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org