I like it, MFA fatigue is a real problem!
The only downside is that we will be missing out on the "Not Me!" notifications that do provide SOC / Security with a high-fidelity alert.
Could we provide the users with a "summary alert" as a prompt in Authenticator or at the next successful logon?
The goal would be to add the user perspective. The wording is hard to get right, but a first draft could be:
Over the last x hours we have registered y risky login attempts. A risky login is one that happens at an unusual time or from an unknown device or location. Please add context by choosing one of three options:
- Green: I know why and this has been resolved (IT / security has contacted me, I did not bring my phone etc.)
- Yellow: This is me and I would like for this to work. (Link to company FAQ)
- Yellow: I don't know the source of these attempts (IT may contact me)
- Red: I know this is not me (IT/Security can contact me)
In reality any option is OK as long as there is not a "please approve anyway" button. Such a button would get written into the attackers' playbook immediately.
Stretch goal: Organizations should be able to define and populate that FAQ link and also choose if this alert would prompt the user on the first or the umpteenth risky login attempt.