Microsoft begins pushing number matching MFA on Authenticator starting today


MFA has shown in the past that it is exploitable. In August of 2022, Microsoft email users, even those with MFA on, were falling to a new phishing attack. Only a couple of weeks later, there were reports of hackers bypassing MFA and brute-forcing passwords. Then there are MFA fatigue attacks, also called MFA spamming or push bombing, which bombard the user with MFA push notifications in the hope that the user accepts a request by mistake and gives a threat actor access.

To combat such attacks, Microsoft last year introduced "number matching" as an additional step in its Microsoft Authenticator app to enhance the security provided by Multi-Factor Authentication (MFA). From today, May 8, 2023, the Redmond giant is enforcing number matching for all users, so users will need to enter the number provided into their Authenticator app when signing in. Here's an example image provided by Microsoft:

MFA number matching on Microsoft Authenticator app

The support article notes:

Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting May 8, 2023.

We highly recommend enabling number matching in the near term for improved sign-in security. Relevant services will begin deploying these changes after May 8, 2023 and users will start to see number match in approval requests. As services deploy, some may see number match while others don't. To ensure consistent behavior for all users, we highly recommend you enable number match for Microsoft Authenticator push notifications in advance.

You can find more details about Number Matching on Microsoft's official website.
