
Problems with Multifactor Authentication
2021-10-21 11:25

It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in.

When the VP was asked why he approved logins that he was not actually performing, his response was, "They told me that I needed to click on Approve when the message appeared!"

The VP did not understand why it was so important to approve ONLY logins that he was participating in.

Most likely, IT assumed that anyone would naturally understand that the instruction also meant not approving unexpected, unexplained logins.

Did the end user get trained as to what to do when an unexpected login arrived? Were they told to click on "Deny" and to contact the IT Help Desk to report the active intrusion?

Or was the person told the correct instructions for both approving and denying and it just did not take? We all have busy lives.


News URL

https://www.schneier.com/blog/archives/2021/10/problems-with-multifactor-authentication.html