https://blog.it-learn.io/tags/mfa/Recent content in Mfa on it-learn.io | IT, Networking & Cybersecurity BlogHugoen-usFri, 24 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-24-mfa-fatigue-attack-push-notification-spam/Fri, 24 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-24-mfa-fatigue-attack-push-notification-spam/<p>The promise of multi-factor authentication was simple: even if an attacker steals your password, they cannot log in without the second factor. That promise holds true against automated credential stuffing. It does not hold against an attacker willing to pick up the phone.</p> <p>MFA fatigue attacks — also called push bombing or push spam — expose the human layer of authentication. They require no malware, no CVE, no zero-day. They require only valid credentials, a flood of push notifications, and occasionally a phone call. In 2022, this technique helped breach Uber, Cisco, and multiple other major organizations. Understanding how it works, how to detect it, and how to eliminate the attack surface is essential for any organization relying on push-based MFA.</p>