December 1, 2023

Microsoft today announced that it completed rolling out a new feature for its Authenticator app in September, enhancing its security and addressing an interesting problem called “MFA fatigue.” (Where MFA stands for multi-factor authentication.)

If you use Microsoft Authenticator, you may have seen this new behavior. (I have.)

“We now suppress Authenticator notifications when a request shows potential risks, such as when it originates from an unfamiliar location or is exhibiting other anomalies,” Microsoft’s Alex Weinert writes in the announcement post. “This approach significantly reduces user inconvenience by eliminating irrelevant authentication prompts.”

Previously, Microsoft Authenticator would pop up a notification for each authentication attempt. Now, risky-looking login requests will prompt the user to “Open your Authenticator app and enter the number shown to sign in” on the source without triggering a notification on the user’s phone. Only when they open the app will they be asked to approve the login, and the app will prompt them to enter a confirmation number while displaying the name of the app that triggered the request and the user’s location, with a map.

“MFA fatigue” occurs when hackers use stolen credentials to repeatedly spam a user’s phone with bogus authentication requests in an attempt to get them to approve one in error. This method has been so successful that Microsoft decided to change how these prompts work in its Authenticator app, first by implementing a number-matching scheme and now through the no-prompt behavior noted above.
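One way a defender can spot the pattern described above in sign-in logs, added here as an example and not taken from Microsoft or the announcement: it flags users who receive a burst of unapproved push prompts and records whether an approval followed the burst. The log format, outcome names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, outcome of the MFA push.
SAMPLE = """\
2023-12-01T09:00:05 alice denied
2023-12-01T09:00:40 alice timeout
2023-12-01T09:01:10 alice denied
2023-12-01T09:01:45 alice timeout
2023-12-01T09:02:20 alice denied
2023-12-01T09:02:50 alice approved
2023-12-01T09:15:00 bob approved
2023-12-01T10:00:00 carol denied
2023-12-01T13:30:00 carol approved
"""

def parse(text):
    """Yield (timestamp, user, outcome) tuples from the assumed log format."""
    for line in text.splitlines():
        ts, user, outcome = line.split()
        yield datetime.fromisoformat(ts), user, outcome

def find_fatigue_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with >= threshold unapproved prompts inside one window.

    Returns {user: {"prompts": n, "approved_after_burst": bool}}.
    """
    recent = defaultdict(deque)  # user -> times of unapproved prompts in window
    findings = {}
    for ts, user, outcome in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(
                    user, {"prompts": 0, "approved_after_burst": False})
                f["prompts"] = max(f["prompts"], len(q))
        elif outcome == "approved":
            # An approval right after a burst is the case to investigate first.
            if user in findings and len(q) >= threshold:
                findings[user]["approved_after_burst"] = True
            q.clear()
    return findings

if __name__ == "__main__":
    for user, finding in find_fatigue_bursts(parse(SAMPLE)).items():
        print(user, finding)
```

A finding with `approved_after_burst` set is the one to triage first, since it matches a user approving a request in error after repeated prompts.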

“We’ve prevented more than 6 million passwordless and MFA notifications since the deployment began,” Weinert says. “By the overwhelming majority, these were hacker-initiated notifications serving no value to customers. Implementation of this feature has led to a smoother and safer experience for customers.”