Understanding the Growing Threat of MFA Bombing
Multi‑Factor Authentication (MFA) is one of the most effective controls for preventing account compromise. However, attackers have adapted. One of the fastest‑growing threats today is MFA bombing also known as MFA fatigue attacks, where criminals overwhelm users with push notifications until one is accidentally approved.
WatchGuard AuthPoint has been specifically designed to counter this emerging threat with intelligent controls that protect both users and organisations.
What Is MFA Bombing and MFA Fatigue?
MFA bombing occurs when an attacker already has a user’s password (often obtained through phishing or data breaches) and repeatedly triggers MFA push requests.
The attacker relies on:
- User distraction
- Confusion
- Fatigue from repeated prompts
Eventually, a user may approve a request just to stop the notifications, granting the attacker access.
This technique has been used in several high‑profile breaches and is now a common tactic against Microsoft 365, VPNs, cloud applications, and remote access systems.
How WatchGuard AuthPoint Prevents MFA Bombing Attacks
WatchGuard AuthPoint includes multiple built‑in protections that directly address MFA fatigue risks, without relying on user awareness alone.
Intelligent Push Request Controls
AuthPoint allows administrators to restrict and control push behaviour, preventing unlimited authentication requests.
Key protections include:
- Blocking excessive or repeated authentication attempts
- Limiting how frequently push notifications can be sent.
- Preventing continuous prompts that lead to fatigue.
This removes the attacker’s ability to “spam” the user into making a mistake.
Push Notifications with Context Awareness
Unlike basic MFA tools, AuthPoint gives users meaningful context before approving a request, including:
- Where the request is coming from
- Which application is requesting access?
- Whether the activity matches normal behaviour
Unexpected or suspicious requests are immediately obvious to the user, dramatically reducing the chance of approval by accident.
Deny‑by‑Default for Unexpected MFA Fatigue Requests
AuthPoint encourages and supports a deny‑by‑default mindset.
If a user receives a push notification they did not initiate:
- The correct action is to deny the request.
- Repeated denied attempts can trigger security investigations.
This approach shifts control back to the user safely, without pressure or confusion.
Adaptive Authentication Using Risk‑Based Policies
One of AuthPoint’s strongest defences against MFA fatigue is its risk‑based authentication engine.
AuthPoint can automatically evaluate:
- User identity
- Device
- Location
- Network context
- Time of access
If a login appears risky or abnormal:
- Additional authentication factors are required.
- Access can be blocked entirely.
- Push notifications may be disabled in favour of stronger verification.
This prevents attackers from exploiting MFA prompts during unusual or high‑risk login attempts.
Enforcing Stronger MFA Methods Than Push Alone
WatchGuard AuthPoint supports multiple secure authentication methods, including:
- QR‑code-based approvals.
- One‑time passwords (OTP)
- Hardware tokens (physical MFA keys)
Organisations can:
- Disable push‑only MFA for high‑risk systems.
- Require stronger methods for admins and privileged users.
- Prevent push fatigue at its source.
This layered approach removes reliance on a single, fatigue‑prone method.
Visibility and Alerts for Suspicious MFA Activity
AuthPoint provides administrators with clear visibility into authentication behaviour, including:
- Repeated denied push requests.
- Unusual login patterns
- Abnormal access attempts
This allows IT teams to:
- Identify MFA bombing attempts early.
- Reset compromised credentials.
- Investigate targeted users before an attacker succeeds.
MFA becomes part of your detection strategy, not just prevention.
Why WatchGuard AuthPoint Is Safer Than Basic MFA
Many MFA solutions rely heavily on user vigilance, which is exactly what MFA bombing attacks exploit.
WatchGuard AuthPoint stands out because it:
- Reduces push abuse at a technical level.
- Adds context and intelligence to authentication.
- Applies adaptive controls instead of blanket MFA rules.
- Integrates seamlessly with Microsoft 365, VPNs, cloud apps, and on‑prem systems.
The result is stronger security without exhausting users.
Final Thoughts: Preventing MFA Fatigue Requires More Than Prompts
MFA is essential, but poorly implemented MFA can be exploited.
WatchGuard AuthPoint addresses MFA bombing and MFA fatigue by:
- Limiting attack opportunities
- Removing attacker control over push prompts
- Helping users make safe decisions.
- Giving IT teams control and visibility
For organisations serious about protecting accounts against modern threats, AuthPoint delivers MFA that works with people, not against them.
Speedster IT recommends WatchGuard AuthPoint if you are interested, contact us immediately on 0203 511 9111.
With over 15 years at Speedster IT, I’ve built a career around helping businesses navigate the evolving world of technology. I publish all the content for the IT Support London Blog and Cyber Security Blog, where I share practical insights on infrastructure upgrades, cybersecurity trends, and smart IT strategies for growing companies.
