Microsoft Authenticator suppresses sign-in approval notifications on suspicious requests

Microsoft has suppressed Authenticator sign-in pop-up notifications, which will no longer be displayed when a request is suspected to be anomalous, although they will still be recorded in an internal log of the application.

Authenticator is a multifactor verification application that provides an additional layer of sign-in security when using your Microsoft account. Last year, it increased protection with the introduction of ‘number matching’, which prevents accidental approval by requiring the user to enter a two-digit code from the login screen in the app.

This feature directly combats so-called fatigue attacks, that is, attacks that take advantage of the lack of attention that users show in simple approvals, where they receive a push notification to click or enter a PIN to approve the login.

This type of attack is capable of bypassing multi-factor authentication by repeatedly attempting to log in with credentials previously stolen by a cybercriminal, resulting in a constant stream of approval requests being sent to the victim’s cell phone. The arrival of notifications can lead the user to accept one of them by mistake or without thinking, thereby giving malicious third parties access to their account.
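The pattern described above (a burst of unanswered or rejected prompts, sometimes ending in an approval) can be looked for in sign-in records. The following is an added example, not code from Microsoft or from this article; the event format, the result values, the function name and the window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, result).
# The result values "denied", "timeout" and "approved" are hypothetical.
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:05", "alice", "timeout"),
    ("2024-01-10T02:00:40", "alice", "denied"),
    ("2024-01-10T02:01:10", "alice", "timeout"),
    ("2024-01-10T02:01:55", "alice", "timeout"),
    ("2024-01-10T02:02:30", "alice", "approved"),
    ("2024-01-10T09:15:00", "bob", "approved"),
    ("2024-01-10T13:00:00", "bob", "timeout"),
    ("2024-01-10T13:40:00", "bob", "approved"),
]


def detect_push_fatigue(events, window=timedelta(minutes=5), threshold=3):
    """Flag bursts of unapproved push prompts per user.

    "burst": the count of denied/timed-out prompts inside `window`
    reaches `threshold`.
    "approved_after_burst": an approval arrives while at least
    `threshold` unapproved prompts are still inside the window, the
    case where a user may have accepted by mistake.
    """
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        queue = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result in ("denied", "timeout"):
            queue.append(ts)
            if len(queue) == threshold:  # alert once per burst
                alerts.append((user, ts_text, "burst"))
        elif result == "approved":
            if len(queue) >= threshold:
                alerts.append((user, ts_text, "approved_after_burst"))
            queue.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```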

After “successfully thwarting” multifactor fatigue attacks, Microsoft has incorporated a new advanced protection in Authenticator, which suppresses pop-up notifications from the app when it detects that a request is abnormal.

When the user initiates a login request, they see a pop-up notification on their mobile phone, prompting them to approve the action. If this person has not initiated the verification process, they may put the security of their account at risk by accepting.

Therefore, if the new protection detects that the login is requested from a location that is not the usual one, or detects any other anomaly, it will not show the login approval notification, but another one in its place that urges the user to open the application and enter a number that is displayed on the mobile screen.

On opening the app, the user will see the login notification there, only this time it includes information such as an email, the application being accessed, and the location from which the request was made. If everything is correct and it is the user who is trying to access, they can approve the process. Otherwise, they only have to indicate that they are not the one who requested it.

Pop-up notifications are suppressed, i.e. not displayed, but not completely removed, since they can be recovered within the application, as Microsoft has explained on its official blog. “The app serves as a repository for all Authenticator notifications, ensuring users have a convenient way to recover any lost requests.”

By Editor
