What Is an MFA Fatigue Attack?
An MFA fatigue attack, also called MFA bombing, push bombing, or push fatigue, is a social engineering attack in which adversaries flood a user with repeated multi-factor authentication requests—typically via push notifications, SMS codes, or authenticator app alerts—until the user approves one out of annoyance, confusion, cognitive overload, or psychological pressure. The attack exploits human vulnerability rather than technical flaws in MFA systems, relying on the exhaustion and alert fatigue of the target user, according to LoginRadius and BeyondTrust research published in 2025.
Unlike technical exploits that break cryptographic mechanisms or exploit software vulnerabilities, MFA fatigue attacks operate entirely in the human domain. By 2025, 25% of identity-based attacks involve fraudulent MFA push notifications, making MFA fatigue one of the most common MFA bypass vectors in active use, according to the Morningstar/Ontinue 1H 2025 Threat Intelligence Report and Obsidian Security research.
How does an MFA fatigue attack work?
MFA fatigue attacks follow a predictable sequence that combines valid credential theft with psychological manipulation.
Stage 1: Credential acquisition requires attackers to first obtain valid usernames and passwords through phishing emails, credential stuffing, malware infection, password reuse on breached sites, or purchase from dark web credential markets. Valid credentials are essential to trigger legitimate MFA prompts on the victim's account.
Stage 2: Automated login attempts begin once credentials are acquired. Attackers use automated tools to trigger multiple login attempts against the target's account. Each legitimate login attempt generates an MFA prompt on the victim's device. Attackers may initiate 10-100+ login attempts in rapid succession.
Stage 3: Psychological exploitation occurs as prompts accumulate and users experience alert fatigue and cognitive overload. Research demonstrates that under repeated interruptions and stress, users are more likely to reflexively approve requests or forget whether they initiated a specific login. Users may also assume the system is malfunctioning or that they triggered legitimate logins themselves.
Stage 4: Social engineering acceleration amplifies fatigue when attackers place concurrent phone calls or text messages posing as IT support, saying "We're getting notifications about your account—approve this MFA to stop them" or "We're attempting to secure your account—please approve the prompt." This manufactured urgency and authority pressure significantly increases approval rates.
Stage 5: Account compromise succeeds when a user finally approves any single MFA prompt. The attacker gains complete session access to the account, bypassing all authentication controls. The attacker can then steal data, modify settings, establish persistence mechanisms, or pivot to connected systems.
Push notification MFA is intentionally designed to be non-intrusive and to require minimal user interaction, balancing security against user experience. This design tradeoff creates vulnerability to repetition-based attacks. Human attention wanes with repetitive stimuli; a user who reads the second notification carefully may not read the twentieth at all.
When receiving an MFA prompt, users cannot always verify whether they initiated the login or if it's malicious. Legitimate users often lose track of multiple login sessions they've initiated. Most push notification MFA provides minimal context, only timestamp and sometimes IP or location, making it difficult for users to distinguish legitimate from malicious attempts.
This attack requires no technical exploitation—only valid credentials and access to automated login attempt tools commonly available in PhaaS/credential stuffing toolkits. Threat actors use commercial phishing-as-a-service (PhaaS) platforms with built-in MFA bombing features, credential stuffing bots that automate login retries, API abuse scripts that trigger repeated authentication events, and manual multi-account simultaneous login attempts from different IPs.
How does MFA fatigue differ from other MFA bypass techniques?
MFA fatigue attacks employ distinct mechanisms and success factors compared to other authentication bypass methods.
| Factor | MFA Fatigue | AiTM Phishing | SIM Swapping | Session Hijacking |
|---|---|---|---|---|
| Requires valid credentials | Yes | Yes | No | No |
| Targets user psychology | Yes | Yes | Yes | No |
| Real-time exploitation | Yes | Yes | No | No |
| Technical complexity | Low | High | Medium | High |
| Detection difficulty | Medium | High | High | High |
| Success rate (first attempt) | 10-20% | 40-60% | 20-30% | 70%+ |
| Reversibility | Partial (user can reject) | No | No | No |
| Timeline to compromise | Minutes-hours | Minutes | Hours-days | Immediate |
| Scalability (cost per attack) | Low | Medium | High | Medium |
| Ideal for | Exploiting weak rate limiting and user exhaustion; low-sophistication attackers | Bypassing MFA at scale with technical infrastructure; real-time credential theft | Targeted attacks on high-value SMS-based accounts; individual victims | Evading all authentication when cookies are already stolen; post-compromise access |
AiTM phishing requires sophisticated reverse proxy infrastructure and real-time credential interception. MFA fatigue requires only the ability to trigger repeated login attempts with valid credentials. SIM swapping demands social engineering of mobile carriers and insider access or detailed personal information. Session hijacking requires malware deployment or network interception capabilities.
The technical barrier to entry for MFA fatigue attacks is substantially lower than other bypass techniques. Any attacker with stolen credentials can attempt MFA bombing using readily available tools, making this technique accessible to lower-skilled threat actors.
Why do MFA fatigue attacks matter?
The prevalence and effectiveness of MFA fatigue attacks challenge organizational assumptions about authentication security.
By 2025, major ransomware crews including Scattered Spider, Muddled Libra, and other human-operated threat groups have adopted MFA bombing as a standard part of their initial access playbook, according to Dark Analytics research published in 2025. This represents a shift from theoretical attack to mainstream technique deployed by sophisticated adversaries.
MFA fatigue attacks are classified as "one of the most effective and fastest-growing methods for account takeovers," with security firms reporting month-over-month increases in detection rates throughout 2024-2025, according to LoginRadius and Arctic Wolf research.
The Uber 2022 breach exemplified the MFA bombing vector, where continuous MFA prompts over approximately one hour eventually led to account compromise. This incident brought widespread awareness to the technique and demonstrated its effectiveness even against security-conscious organizations.
Approximately 70% of enterprise MFA users acknowledge having received suspicious or unwanted MFA prompts, and 15% report having accidentally approved a prompt they believed was malicious, according to Expert Insights research published in 2025. This indicates widespread exposure and a concerning rate of successful compromises.
The psychological nature of the attack makes it difficult to prevent through technical controls alone. Unlike technical vulnerabilities that can be patched, human cognitive limitations and decision-making under stress represent permanent attack surfaces that require ongoing training and awareness.
Organizations that have invested heavily in MFA deployment may experience false confidence that their authentication is secure, while remaining vulnerable to this social engineering vector. The existence of effective bypass techniques means that MFA alone cannot serve as a complete authentication security solution.
What are the limitations of MFA fatigue attacks?
Despite their effectiveness, MFA fatigue attacks face operational constraints that limit their success rates in certain environments.
User awareness and training represent the most significant limitation. Security-conscious users trained to never approve unexpected prompts significantly reduce attack success. Organizations with strong MFA training and incident response have observed success rates below 5% for MFA fatigue attacks, according to Ping Identity research published in 2025.
Organizations achieve substantially lower compromise rates when they educate users that MFA prompts should only appear when the user initiates a login, teach users to verify before approving (checking the initiating app, IP address, and device), and establish a culture in which users report unexpected MFA prompts immediately.
Rate limiting and account lockout prevent sustained campaigns when authentication systems rate-limit login attempts or temporarily lock accounts after a set number of failed authentication attempts, typically 5-10. However, many systems allow 20-50+ attempts before triggering lockouts, according to ManageEngine research.
Ping Identity research recommends aggressive rate limiting: no more than 5 failed MFA attempts per 5-minute window, temporary account lockout after 10 failed attempts with 15-60 minute duration, and escalation to security team notifications after 15+ failed attempts.
Time-window constraints limit attack effectiveness when MFA prompts typically expire within 5-15 minutes. If a user delays approval, the attacker's initial prompt window closes and a new attempt is required, extending the attack timeline and increasing detection risk.
Notification deduplication by modern push notification systems reduces the psychological bombardment effect. Increasingly, systems deduplicate rapid successive prompts, showing the user a single "multiple requests" notification instead of 50 individual alerts.
No credential theft occurs during failed MFA fatigue attacks. Unlike AiTM phishing or session hijacking, MFA fatigue does not yield stolen credentials or session tokens. If the attack fails, the credentials the attacker already holds remain valid, but the account has not been compromised, and the user can change their password post-incident.
Detection at scale is possible: organizations that monitor MFA authentication logs can identify sudden spikes in failed MFA attempts or repeated rejections and trigger alerts before a successful approval occurs.
How can organizations defend against MFA fatigue attacks?
Defense against MFA fatigue requires implementing authentication technologies resistant to psychological manipulation and establishing organizational practices that reduce attack success rates.
Deploy hardware security keys (FIDO2) as the primary defense. FIDO2 hardware tokens are completely immune to MFA fatigue because they require physical interaction through button press and verify the legitimate service before generating approval. They cannot be triggered by stolen credentials alone. Prioritize FIDO2 for high-value accounts including admins, finance, and executives, according to BeyondIdentity and Ping Identity research published in 2025.
The cryptographic challenge-response mechanism of FIDO2 means that even with valid credentials, attackers cannot generate authentication prompts that appear on the user's device without physical proximity to the hardware key. This eliminates the fundamental mechanism of MFA fatigue attacks.
Enforce Time-Based One-Time Password (TOTP) as an alternative to push notifications. TOTP-based authenticators like Google Authenticator, Authy, and Microsoft Authenticator require users to read and enter a 6-digit code rather than approve or reject a prompt. TOTP is resistant to fatigue attacks because the user must actively type a code; no passive notification is involved, according to LoginRadius and Ping Identity research.
Restrict push notifications to specific contexts by configuring push MFA to only appear for high-risk transactions like admin portal access or credential changes, specific IP address ranges like corporate networks, or specific geographic regions. Use TOTP for routine/lower-risk access, according to Ping Identity.
Implement intelligent push context in notifications by deploying MFA solutions that include rich context: the name and type of the device initiating the login, precise geographic location with a map display, IP address and ISP/carrier details, a device fingerprint (OS, browser, and screen resolution), and the user's historical login patterns. This enables users to quickly distinguish malicious from legitimate attempts, according to BeyondIdentity and RSA research published in 2025.
Implement strong rate limiting and account lockout policies. Deploy aggressive rate limiting: no more than 5 failed MFA attempts per 5-minute window, temporary account lockout after 10 failed attempts for a 15-60 minute duration, and escalation to security team notifications after 15+ failed attempts. This prevents sustained MFA bombing while minimizing false positives from legitimate user errors, according to Ping Identity and ManageEngine research.
Deploy behavioral analytics and anomaly detection systems that identify anomalous MFA patterns, including a sudden spike in MFA attempts (baseline of 1-2 per day; alert on more than 10), MFA attempts from unusual IP addresses or geographies, MFA attempts at unusual times (such as 3 AM when the user is in the PST time zone), and a mix of approved and rejected attempts suggesting the user is questioning their legitimacy, according to Arctic Wolf and Vectra AI research.
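The rate-limiting and lockout policy described above (5 failed prompts per 5-minute window, lockout after 10, escalation after 15) as an added, self-contained example; this is illustrative code, not any vendor's implementation, and the class name, the 15-minute lockout (the low end of the stated range) and the replayed burst of attempts are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the page's recommended policy; lockout uses the low end of 15-60 min.
WINDOW = timedelta(minutes=5)
THROTTLE_AFTER = 5          # failed prompts in the window before pushes are withheld
LOCKOUT_AFTER = 10          # failed prompts in the window before a temporary lockout
LOCKOUT_DURATION = timedelta(minutes=15)
ESCALATE_AFTER = 15         # failed prompts before the security team is notified


class MfaPushGate:
    """Per-user sliding-window gate in front of the push-MFA step (hypothetical).

    Every denied or expired prompt counts as a failure, including attempts made
    while the account is throttled or locked, so a persistent bombing campaign
    still reaches the escalation threshold instead of hiding behind the lockout.
    """

    def __init__(self):
        self.failures = defaultdict(deque)   # user -> timestamps of failed prompts
        self.locked_until = {}               # user -> datetime the lockout expires
        self.escalated = set()               # users the security team was alerted on

    def _trim(self, user, now):
        q = self.failures[user]
        while q and now - q[0] > WINDOW:     # drop failures older than the window
            q.popleft()
        return q

    def decide(self, user, now):
        """'allow': send the push; 'throttle': withhold it; 'locked': reject outright."""
        if now < self.locked_until.get(user, now):
            return "locked"
        if len(self._trim(user, now)) >= THROTTLE_AFTER:
            return "throttle"
        return "allow"

    def handle_attempt(self, user, now, user_approved=False):
        """Process one login attempt and return the decision made for it."""
        decision = self.decide(user, now)
        if user_approved and decision == "allow":
            return decision                  # legitimate login: nothing to count
        q = self._trim(user, now)
        q.append(now)
        if len(q) >= LOCKOUT_AFTER:
            self.locked_until[user] = now + LOCKOUT_DURATION
        if len(q) >= ESCALATE_AFTER:
            self.escalated.add(user)         # hook a SIEM or pager notification here
        return decision


def simulate_bombing(user="alice", attempts=16, spacing_s=10):
    """Replay a constructed burst of attempts that the user never approves."""
    gate = MfaPushGate()
    t0 = datetime(2025, 3, 3, 9, 0, 0)
    decisions = [gate.handle_attempt(user, t0 + timedelta(seconds=spacing_s * i))
                 for i in range(attempts)]
    return gate, decisions
```

With the constructed 16-attempt burst, the first five prompts are sent, the next five are withheld, and the rest are rejected by the lockout, with the user escalated at the fifteenth failure.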
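The log-based detection described above, and under limitations earlier on this page, as an added example run over constructed sample events; it is illustrative code rather than any vendor's product, and the event format, the per-user known-IP list and the fixed UTC-8 offset (the page's PST example) are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed directory data: each user's usual source addresses and local UTC offset.
KNOWN_IPS = {"alice": {"203.0.113.7"}, "bob": {"203.0.113.9"}}
USER_UTC_OFFSET_H = {"alice": -8, "bob": -8}   # PST, matching the page's 3 AM example
DAILY_SPIKE = 10            # page baseline is 1-2 prompts per day; alert above 10
QUIET_HOURS = range(0, 6)   # local hours in which prompts are treated as unusual


def constructed_log():
    """Constructed sample MFA push events, one JSON object per line (not real logs)."""
    lines = ['{"ts":"2025-03-03T17:05:00Z","user":"alice","src_ip":"203.0.113.7","result":"approved"}']
    for i in range(11):   # burst at 03:02 local time from an unfamiliar address
        lines.append(json.dumps({"ts": f"2025-03-03T11:02:{i:02d}Z", "user": "alice",
                                 "src_ip": "198.51.100.23",
                                 "result": "approved" if i == 10 else "denied"}))
    lines.append('{"ts":"2025-03-03T16:30:00Z","user":"bob","src_ip":"203.0.113.9","result":"approved"}')
    return "\n".join(lines)


def parse(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def local_hour(event):
    """Hour of the event in the user's local time zone."""
    utc = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    tz = timezone(timedelta(hours=USER_UTC_OFFSET_H.get(event["user"], 0)))
    return utc.astimezone(tz).hour


def analyze(events):
    """Return {(user, utc_date): [reasons]} for each user-day that looks like bombing."""
    per_day = defaultdict(list)
    for e in events:
        per_day[(e["user"], e["ts"][:10])].append(e)
    findings = {}
    for (user, day), evs in per_day.items():
        reasons = []
        if len(evs) > DAILY_SPIKE:
            reasons.append(f"spike: {len(evs)} prompts in one day")
        if {"approved", "denied"} <= {e["result"] for e in evs}:
            reasons.append("mixed approved/denied")   # user is second-guessing prompts
        unknown = {e["src_ip"] for e in evs} - KNOWN_IPS.get(user, set())
        if unknown:
            reasons.append("unknown source ips: " + ", ".join(sorted(unknown)))
        quiet = sum(1 for e in evs if local_hour(e) in QUIET_HOURS)
        if quiet:
            reasons.append(f"{quiet} prompts during local quiet hours")
        if reasons:
            findings[(user, day)] = reasons
    return findings
```

On the constructed log, alice's day trips all four signals while bob's single daytime approval from a known address produces no finding.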
Establish user education and security culture by educating users that MFA prompts should only appear when they initiate login, teaching users to verify before approving by checking initiated apps, IP addresses, and devices, establishing culture where users report unexpected MFA prompts immediately, and training users to never approve unsolicited requests even under claimed urgency. Organizations with strong MFA awareness training observe 70-80% lower MFA fatigue attack success rates, according to BeyondTrust and Arctic Wolf research.
Implement help desk verification procedures: train help desk staff never to ask users to "approve the next MFA prompt" or "bypass MFA"; use callback verification, so that when a user calls the help desk, staff call back on the user's registered number; require security questions and ID verification for account changes; and never reset MFA over the phone, requiring in-person or email verification instead, according to Ping Identity.
Enforce network segmentation and VPN requirements by restricting access to sensitive systems to the corporate VPN only. Attackers attempting to log in from external networks then stand out in the MFA prompt context (a different IP and ISP), making users more likely to reject the prompt, according to Ping Identity.
Deploy continuous credential monitoring to monitor for credential leaks in real-time and notify users immediately if their passwords appear in breaches, enabling password rotation before attackers can use them for MFA fatigue campaigns, according to Expert Insights research.
FAQs
How long does a typical MFA fatigue attack last?
A successful MFA fatigue attack typically takes 5-15 minutes of rapid login attempts generating 20-50+ prompts, according to Obsidian Security and LoginRadius research published in 2025. However, combined with social engineering calls, the timeline can extend to 30 minutes to 1 hour, as seen in the Uber 2022 breach. Most users approve or reject within the first 20-30 seconds of fatigue-induced stress.
The attack duration depends on several factors including user attention and stress level, rate limiting policies of the authentication system, number of simultaneous prompts the system allows, and whether attackers employ concurrent social engineering. Organizations with aggressive rate limiting that lock accounts after 10 failed attempts typically see attack timelines truncated to under 5 minutes before lockout triggers.
Can users tell the difference between a legitimate and malicious MFA prompt?
Most users cannot reliably distinguish legitimate from malicious prompts, especially after 3-5 consecutive prompts, according to BeyondIdentity and LoginRadius research. Standard push notifications only show timestamp and location, insufficient for users to verify whether they initiated the login.
Rich context notifications that display device name, IP details, and historical comparison significantly improve user ability to identify attacks. Organizations deploying intelligent MFA prompts with detailed context information observe substantially higher rejection rates of malicious attempts compared to basic timestamp-only notifications.
User ability to distinguish prompts degrades rapidly under stress and repetition. The first unexpected prompt may trigger careful scrutiny, but by the fifth or tenth prompt, users experiencing cognitive overload may approve without careful review.
Is MFA fatigue only effective against push notification MFA?
Yes, MFA fatigue attacks are specific to push notification-based MFA, according to Ping Identity and BeyondTrust research published in 2025. TOTP-based MFA, which requires manual entry of a time-based one-time code, and FIDO2 hardware keys are inherently resistant because they require active user input or physical interaction, not passive approval.
TOTP requires users to read a 6-digit code from their authenticator app and manually type it into the login form. This active process cannot be automated or bypassed through repetition. Users must consciously retrieve and enter each code, making fatigue-based attacks ineffective.
FIDO2 hardware keys require physical button press on the device itself, making it impossible for attackers to generate prompts remotely even with valid credentials. The user must have physical possession of the key and intentionally press the button.
What is the success rate of MFA fatigue attacks?
Real-world success rates depend on several factors. First attempt success against typical users ranges from 10-20% as most users reject unfamiliar prompts initially. With concurrent social engineering calls, success increases to 30-40%. Against untrained users, success can reach 40-60%. Against trained and security-aware users, success drops below 5%, according to LoginRadius and Ping Identity research.
Organizations with strong MFA training and rate limiting observe sub-5% compromise rates from fatigue attacks. The combination of user education about never approving unexpected prompts and technical rate limiting that locks accounts after 10 failed attempts creates defense-in-depth that substantially reduces attack effectiveness.
Success rates vary significantly based on attack timing. Attempts during business hours when users are actively working show higher success than off-hours attempts. Attacks targeting users during high-stress periods or critical business deadlines show elevated success rates.
Can attackers automate MFA approval or bypass push notification waiting entirely?
No, according to BeyondTrust and Ping Identity research published in 2025. MFA fatigue cannot be automated in the sense that it fundamentally requires the user to manually approve or reject the prompt. Attackers cannot bypass the approval step or trigger automatic acceptance. The attack relies entirely on human psychology and fatigue.
This limitation is what makes FIDO2 and TOTP immune to MFA fatigue, as they require different human actions including physical button press or code entry. The attack mechanism depends on users making approval decisions under stress and cognitive overload, which cannot be technically bypassed.
Attackers can automate the generation of MFA prompts through scripted login attempts, but the final approval step requires human interaction on the target's device. This creates an operational bottleneck that limits scalability compared to fully automated attacks.