Multi-factor authentication is one of the best tools we have for keeping accounts safe. It is also a tool that attackers have learned to work around, not by breaking it but by wearing you down.
If your phone suddenly starts buzzing with login approval requests you did not ask for, something is wrong. Someone already has your password, and they are hoping you will tap approve just to make the notifications stop.
This is called MFA fatigue, and it is one of the more frustrating cyberattacks people run into. The technology is doing its job. The attacker is trying to get you to override it.
What MFA Fatigue Looks Like
MFA fatigue is an attack where someone with your password sends repeated authentication requests, sometimes dozens in a row, until you approve one out of frustration, confusion, or sleep. One tap of approve gives them full access to your account.
How to Recognize It
Unexpected prompts are the clearest sign. If a push notification or text code shows up asking you to verify a login, but you are not actually trying to sign in, someone else is. That request is the attacker.
Repeated notifications in a short window are another giveaway. This is not a system glitch. It is a deliberate attempt to get you to give in.
Late night and odd-hour requests are common too. Attackers often launch these when people are tired or distracted, hoping a half-asleep tap will hand over the account. Any MFA prompt at an unusual hour deserves a second look.
Protective Steps
A few habits make this attack much harder to pull off:
- Never approve an MFA prompt you did not initiate. If you are not actively signing in, deny it every time.
- Change your password right away if you start receiving unexpected prompts, since it likely means your password has been compromised.
- Report the activity to the Help Desk so the security team can take a closer look at your account.
- Use number matching when it is available, since entering a number from the login screen prevents accidental approvals.
- Do not just dismiss the prompts. Ignoring them leaves the door cracked open for another attempt.
If You Approved One by Accident
Change your password immediately from a different device. Sign out of all active sessions if your account settings allow it. Then contact the Help Desk right away so the security team can investigate.
Reporting
If something feels off, report it to your campus IT help desk as soon as possible. The sooner it’s reported, the easier it is to contain. You can find contact information for your campus help desk here: Universities of Wisconsin (UW System) – IT Help Desks Contact Information.
Bottom Line
If your phone is asking you to approve a login you did not start, treat it as an attack in progress. Deny the prompt, change your password, and let the Help Desk know. The notifications stop when the attacker gives up, not when you give in.