Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term MFA Fatigue Attack

Training Camp • Cybersecurity Glossary

What is MFA Fatigue Attack?

MFA fatigue attacks spam push notifications so a user approves one by mistake; number matching and FIDO2 help defend against push bombing.

Glossary > Threats, Malware & Attacks > MFA Fatigue Attack

Understanding MFA Fatigue Attack

An MFA fatigue attack, also called MFA bombing or push bombing, is a social engineering technique in which an attacker who already has valid credentials repeatedly triggers multi-factor authentication push notifications to a victim. The goal is to annoy or confuse the user into approving a request, granting the attacker access. Defenses include number matching, limiting push attempts, and using phishing-resistant authentication such as FIDO2.

Learn More About MFA Fatigue Attack:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →