Originally published February 21, 2023 in Today at Geneseo
Starting Monday, February 27, approving Microsoft Authenticator MFA push notifications during login will require an additional step: you will be shown a two-digit number in the browser that you must enter into your Microsoft Authenticator app. Microsoft is making this update to protect against MFA fatigue, where attackers generate excessive push notifications, hoping that you will approve one in frustration or confusion. If you receive any unexpected MFA prompts, please select “no, it’s not me” to report it as fraudulent.
Note: This change only affects people who use the Microsoft Authenticator app. If you use other MFA methods—such a browser plugin, text messages, or Google Authenticator app—your sign-in experience will not change.