WatchGuard Blog

4 tips on how to prevent MFA fatigue in your company

Implementing multi-factor authentication (MFA) is undoubtedly the best way to protect your company and its data. However, when it comes to identity management, both users and administrators tend to demand a balance between efficiency, convenience, and security, all at the same time. It is a difficult challenge, but one that can be met.  

This is mainly because users may see MFA as a barrier that creates friction during use that can slow down productivity. Often when there is a choice between speed and safety, people prefer speed. But fortunately, if applied correctly, MFA can increase cybersecurity without adding complexity or reducing end-user productivity.  

Keys to prevent MFA fatigue in your organization 

When choosing the best MFA solution for your business, you need to assess your organization’s needs, taking into account the type of data to be protected, as well as the complexity of security requirements. This is important, as users may tire of this technology and try to circumvent it. Opting for the right solution can make all the difference and following the tips below you can prevent end users from experiencing fatigue and help them use the tool in the right way:  

1. Educate users about MFA:

Although it may seem a bit basic, providing users with training is one of the best practices to overcome MFA resistance. In most cases, humans are considered the weakest link in the chain so it’s crucial to educate them properly about the importance of MFA.  

2. You can combine MFA with SSO:

Single sign-on authentication offers a great user experience, and by combining it with MFA, you can get a more seamless experience while strengthening security. This helps remove some of the biggest barriers to adoption of this technology.  

3. Don't forget to review authentication settings and policies:

Make sure that the MFA solution is configured securely and that users are aware of how to use it correctly. In addition, it may be beneficial to designate different authentication factors based on roles, so that factors with high resistance to attacks can be deployed for privileged accounts, while simpler but effective ones can be deployed for less privileged user roles. 

4. Make sure your solution can deal with evolving threat vectors:

A new social engineering technique called "MFA Fatigue Attacks" has been developed recently and continues to gain popularity among cybercriminals due to its high level of effectiveness. In these attacks, malicious actors send multiple MFA requests in hopes of frustrating a legitimate user who, when overwhelmed by the number of alerts, may disable the MFA solution, thinking it is malfunctioning, or the cybercriminal may pose as a support employee and request the code they need to log into the user's account.   

A good MFA solution must evolve and incorporate new functionalities that are adapted to the latest strategies deployed by cybercriminals. Thus, they need to offer an alternative that blocks spam notifications that may indicate a phishing attack, which means push notifications can be disabled to prevent unauthorized login caused by MFA fatigue.  

86% of attacks on corporate web applications, as well as almost 40% of BEC attacks, come from credential theft. MFA provides greater certainty that a user is who they claim to be before granting access to an online application or account. However, if barriers related to end-user experience are not taken into consideration, this solution may fail to fulfil its purpose.  

By following these tips, you can improve your organization's security without compromising the user experience and reduce the risk of compromised passwords. 

If you want to find out more about MFA fatigue attacks, be sure to visit our blogpost: