A guide to securing organizations
from MFA fatigue

The shift to remote and hybrid work has made authentication security more difficult and has put the spotlight on the drawbacks of traditional authentication methods. Threat actors who engage in MFA fatigue attacks, also known as MFA prompt bombing, deliberately bombard users' mobile devices with push notifications to get past MFA protection.

The 2023 State of Passwordless Security report found that nearly 30% of organizations were hit by push notification attacks, which have more than doubled since 2022. The study also revealed that 3 out of 5 reported breaches were due to authentication weakness.

In this guide, you'll learn:

  • What MFA fatigue is and how it works.
  • About recent MFA fatigue attacks.
  • What organizations can do to strengthen their MFA.
  • How ManageEngine's identity security features combat MFA fatigue.