Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term MFA Fatigue

Training Camp • Cybersecurity Glossary

What is MFA Fatigue?

MFA fatigue, or push bombing, floods a user with repeated MFA approval prompts until they accept one, granting the attacker access.

Glossary > Threats, Malware & Attacks > MFA Fatigue

Understanding MFA Fatigue

MFA fatigue, also called push bombing or prompt bombing, is a social-engineering attack in which an adversary who already holds valid credentials repeatedly triggers multi-factor authentication push notifications until the frustrated or confused user approves one. Defenses include number matching, push throttling, and phishing-resistant FIDO2 or passkey authentication that removes the simple approve prompt.

Learn More About MFA Fatigue:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →