Common IT & cybersecurity questions
What is MFA, and what is "MFA fatigue"?
Multi-factor authentication (MFA) adds a second step to signing in — usually approving a prompt on your phone or entering a code — on top of your password. Because a stolen or guessed password alone is no longer enough to get in, MFA blocks the overwhelming majority of account-takeover attacks. It is essential for every business account and absolutely non-negotiable for administrators.
Why passwords alone fail
Passwords leak constantly — through data breaches at other companies, phishing, and reuse across sites. Attackers buy stolen credentials in bulk and try them automatically. MFA means that even a correct, stolen password hits a second locked door. It is the single highest-value security control most businesses can turn on.
What is MFA fatigue?
MFA fatigue (or "MFA bombing") is a trick used by attackers who already have your password. They trigger sign-ins over and over, spamming your phone with approval prompts, hoping you'll eventually tap "approve" out of annoyance, habit or confusion — which hands them straight in. It has been behind several high-profile breaches, precisely because it targets the human, not the technology.
How to defend against it
- Number-matching MFA — instead of a simple approve/deny, you type a number shown on the sign-in screen, so you can't approve by reflex and a random prompt is useless to an attacker.
- Phishing-resistant methods — passkeys or FIDO2 security keys, which can't be tricked or fatigued at all.
- Staff awareness — a simple rule: never approve a prompt you didn't personally start, and report unexpected ones, because an unexpected prompt means someone already has your password.
We configure MFA properly across Microsoft 365, harden the sign-in policies with Conditional Access, and make sure the safest methods are the default rather than an option nobody chooses. To review your MFA setup, call (08) 9325 1196.
Still have a question?
Talk to a Perth-based IT specialist — a free, no-obligation chat about your setup.
Related questions
- Windows 10 support has ended — is it safe to keep using it?
- Do I really need Microsoft 365, or can I keep using free email?
- Why are our emails going to spam or being marked as spoofed?
- Is our Microsoft 365 data (email, OneDrive, SharePoint) backed up automatically?
- Is it safe for staff to use ChatGPT or Copilot at work?