Picture this: you're chilling out, sipping a cup of coffee, watching Youtube on a sunny Saturday morning. Suddenly, your phone buzzes with a notification. "Great," you mumble, having expected a fun meme or a heartwarming message from a friend.
But alas, it's just another MFA code, staring back at you like an insistent fly that just won't buzz off.
You scratch your head and wonder, "Did I really request this code again?"
You didn’t.
Hackers are hiding behind a digital bush, waiting for you to mindlessly tap "Approve" just to swat the message away and get back to watching Good Mythical Morning. You might think you’re nimble enough to wiggle out of this attack.
You’re not.
Imagine now that it’s the middle of the night. You are sleeping, dreaming about going to the Bahamas with your cat, Gerald. Your phones buzzes. And buzzes. And buzzes. In your best morning voice, you croak out a few curse words and finally pick up your phone, click whatever button looks like it will let you and Gerald drift back off to the Bahamas, and close your eyes.
Even the best of us could fall for that one. Catch any one of us in a weak moment and we could be toast.
MFA (Multi-Factor Authentication) fatigue is a pesky hacker technique that’s main attack is being annoyingly persistent. It's like being stuck in an endless loop of verification pop-ups. Approve, deny, approve, deny – you start to wonder if you're trapped in a digital Groundhog Day. But fear not, there's a simple antidote to MFA fatigue: mindfulness.
Pause, take a breath, and ask yourself if you initiated this request. It's like donning a helmet to protect yourself from that pesky fly buzzing around your head.
For real though, there is a more practical thing you can do so that you don’t have to channel your inner Zen master, and protect your digital kingdom, fighting off an army of authentication messages at midnight:
Switch your accounts to use MFA methods that require a code entry instead of just a verification click. That way, your account will only be accessed by whoever has access to the authentication app or email address or phone number that the code is sent to. In other words, by you.
Also, never ever re-use passwords (that way, if your password is guessed for one platform, they will not immediately have access to anything else).