Summary

  • Microsoft Authenticator suppresses pop-up notifications for shady login attempts by detecting anomalous signals, and asks users to open the app and manually confirm the login instead.
  • This approach reduces unwanted notifications and increases security, preventing MFA fatigue attacks.
  • The change has been silently implemented on the backend, benefiting many users without their knowledge.

Microsoft Authenticator is a fairly versatile and convenient app - albeit with some issues - offering multi-factor authentication (MFA) capabilities for various services. The Redmond tech firm also heavily promotes it as a way to go completely passwordless on your Microsoft account. However, the cybersecurity landscape evolves dynamically, and now, Microsoft has detailed how it is suppressing shady login attempts via Authenticator itself.

A blog post penned by Microsoft's VP Director of Identity Security Alex Weinert describes how the company has been successfully suppressing pop-up Authenticator notifications for anomalous login attempts. The rollout for this process was completed in September, with over six million unwanted login attempts - mostly hacker-initiated - being prevented since then.

Under normal circumstances, if you attempt to log in to an account or a service, you'll be asked to approve the sign-in attempt via a pop-up Authenticator notification. However, if Microsoft detects anomalous signals in the login attempt, such as origination from an unfamiliar location, the firm will intentionally suppress the notification for that attempt, so you won't receive a pop-up. Instead, you'll be asked to manually open the app and confirm the login attempt. It is important to note that only the pop-up notification is suppressed; the login attempt isn't deleted.

Microsoft has emphasized that the implementation of this approach has led to fewer unwanted notifications being sent to end-customers, which not only ensures smoother workflows but also increases security. This process also reduces the chances of MFA fatigue attacks, in which a malicious actor gains access to your credentials and then continuously sends MFA prompts to you until you accidentally approve an attempt and give access to your account. It's also interesting to see that this is a change that has been silently implemented on the backend without much fanfare, which means that many customers have likely been reaping the benefits of this implementation without even realizing it.