{"id":59563,"date":"2022-11-01T17:13:18","date_gmt":"2022-11-01T09:13:18","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=59563"},"modified":"2022-12-02T18:13:37","modified_gmt":"2022-12-02T10:13:37","slug":"how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/11\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\/","title":{"rendered":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"59563\" class=\"elementor elementor-59563\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<article class=\"is-type-body-default is-important\"><p>Organizations turn on <a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">multi-factor authentication (MFA)<\/a> to secure access to corporate resources and increase their security posture.\u00a0<\/p><p>IT admins like using push notifications MFA for several reasons. Since most users have smartphones in their pockets at all times, push notifications offer minimal user friction. They are also ubiquitous (admins can enable them across different kinds of resources and endpoints unlike other methods) and offer security against \u201cman in the middle\u201d attacks.\u00a0<\/p><p>Recently, this trusted security measure has been facing a new kind of attack known as <em>push bombing<\/em> or <em>MFA fatigue<\/em>. Keep reading to learn more about how to reduce your risk.<\/p><h2>What Is Push Bombing and MFA Fatigue?<\/h2><p>When an organization uses push MFA, the user is required to approve the login or access request sent to their personal device in the form of a push notification. This is just one way (of many) to verify the user\u2019s identity, but preferred given its UX benefits.<\/p><p>Push bombing is a method where an attacker uses a script or a bot to trigger multiple login attempts with stolen or leaked credentials and trigger a SPAM of multiple push notifications to the user\u2019s mobile device.\u00a0<\/p><p>Here\u2019s how it works:\u00a0<\/p><ol><li>An attacker repeatedly sends a user endless push notification streams with the intent to exacerbate them into accidentally approving the prompt.\u00a0<\/li><li>Understandably, the user feels a sense of fatigue, and it\u2019s easy to make mistakes out of frustration. <em>They accept the prompt.<\/em><\/li><li>Unfortunately, the trick works extremely well for account take over and breaches. <em>The attacker now has access to the account in question.<\/em>\u00a0<\/li><\/ol><p>Alternatively, an attacker may also contact the user impersonating as an IT admin and convince them to approve the login attempt.<\/p><h2>How JumpCloud Protect Helps Admins Combat Attacks\u00a0<\/h2><h3>Stronger Password Policy<\/h3><p>Push attempts are triggered after an attacker gains access to a user\u2019s password. The weaker the password the more likely an attacker is to obtain it through brute force and social engineering techniques.\u00a0<\/p><p>IT admins can use JumpCloud\u2019s password settings to adopt a stronger password policy that meets the following requirements:<\/p><ul><li>Greater than or equal to12 characters in length, including alphanumeric<\/li><li>Upper and lower case combinations<\/li><li>Changes password every 90 days<\/li><\/ul><p>Admins should also use <a href=\"https:\/\/www.ibm.com\/docs\/en\/aix\/7.2?topic=passwords-password-aging\" target=\"_blank\" rel=\"noreferrer noopener\">password aging<\/a> to reduce risks due to re-use of older, leaked, or stolen credentials that a hacker may have obtained. Here\u2019s what the Password Settings look like in the JumpCloud management portal:\u00a0<\/p><figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-71055\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1-300x157.png 300w\" alt=\"screenshot of password settings\" width=\"512\" height=\"268\" \/><\/figure><figure class=\"wp-block-image size-full\"><img decoding=\"async\" class=\"wp-image-71056\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/2-1.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/2-1.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/2-1-300x50.png 300w\" alt=\"screenshot of password aging\" width=\"512\" height=\"85\" \/><\/figure><p>Admins can also use <a href=\"https:\/\/jumpcloud.com\/platform\/password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud\u2019s password manager<\/a> to manage their user\u2019s passwords, which reduces the friction associated with using lengthier passwords with increased security posture. JumpCloud Password Manager eliminates the need to remember a master password thereby reducing the risks due to password leaks or breaches.<\/p><h3>Account Lock-Out<\/h3><p>Admins can use JumpCloud\u2019s account lock-out settings to set a limit for password and Push MFA retries. A user\u2019s account will be locked if the user denies a login request sent in Push notification for a specified number of consecutive\u00a0 attempts as determined by the settings. Admins can auto unlock the account after a certain duration to reduce user friction.\u00a0<\/p><figure class=\"wp-block-image size-full\"><img decoding=\"async\" class=\"wp-image-71057\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/3-1.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/3-1.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/3-1-300x97.png 300w\" alt=\"screenshot of password lockout\" width=\"512\" height=\"165\" \/><\/figure><h3>Mobile Biometric<\/h3><p>Admins can activate mobile <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-biometric-authentication\">biometric<\/a> on Push MFA, so that a user is required to use their fingerprint or face recognition as an additional factor to approve a login request. Here\u2019s a look at what both the admin and user sees during this process:<\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71066\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/4-3.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/4-3.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/4-3-300x110.png 300w\" alt=\"screenshot of JumpCloud protect mobile push\" width=\"512\" height=\"188\" \/><\/figure><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71068\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/5-2.png\" sizes=\"(max-width: 288px) 100vw, 288px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/5-2.png 288w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/5-2-169x300.png 169w\" alt=\"screenshot of login request\" width=\"288\" height=\"512\" \/><\/figure><h3>Conditional Access<\/h3><p>Admins can leverage JumpCloud <a href=\"https:\/\/jumpcloud.com\/press\/jumpcloud-introduces-conditional-access-policies-to-its-directory-platform-making-it-easier-for-businesses-to-adopt-a-zero-trust-security-model\" target=\"_blank\" rel=\"noreferrer noopener\">conditional access policies<\/a> for user portal and SSO application login attempts to restrict access from trusted devices or allow access only from the locations where an employee lives or places of travel. Simply select the Conditional Access option from the platform\u2019s left-side navigation to open Conditional Access settings:<\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71061\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/6-1.png\" sizes=\"(max-width: 410px) 100vw, 410px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/6-1.png 410w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/6-1-300x165.png 300w\" alt=\"screenshot of policy resource\" width=\"410\" height=\"226\" \/><\/figure><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71062\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/7-1.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/7-1.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/7-1-300x98.png 300w\" alt=\"screenshot of conditions\" width=\"512\" height=\"168\" \/><\/figure><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71063\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/8-1.png\" sizes=\"(max-width: 512px) 100vw, 512px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/8-1.png 512w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/8-1-300x90.png 300w\" alt=\"screenshot of action for access\" width=\"512\" height=\"153\" \/><\/figure><h3>App and Location Information on Push Notifications<\/h3><p>Admins can educate their users to check the application name for which the access request is made or the location from where the request was made before approving the request.\u00a0<\/p><p>While application name or a granular location information may not always be available, when it is present it will help flag potentially fraudulent access requests.<\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71064\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/9-1.png\" sizes=\"(max-width: 288px) 100vw, 288px\" srcset=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/9-1.png 288w, https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/9-1-169x300.png 169w\" alt=\"screenshot of login request\" width=\"288\" height=\"512\" \/><\/figure><h2>Avoid Account Takeovers with JumpCloud<\/h2><p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/08\/20\/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">As reported by Microsoft<\/a>, requiring MFA has been shown to reduce\u00a0 account takeover attacks by 99%. While MFA does offer resistance to attacks, hackers have, unfortunately, found a way to circumvent them with push bombing and MFA fatigue.\u00a0<\/p><p>So, it\u2019s important for organizations to employ additional precautions such as adding phishing-resistant email tools and filters, educating users on stronger password practices for their personal and work accounts, and implementing stronger security practices to avoid security breaches.<\/p><p>JumpCloud continuously adds new features that increase the security posture of the platform to give IT admins and organizations peace of mind. IT admins can also better protect their organizations by adopting JumpCloud recommendations, starting with enforcing stronger <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/Password-Settings-in-the-JumpCloud-Admin-Portal\" target=\"_blank\" rel=\"noreferrer noopener\">password policies<\/a>.<\/p><p><strong>Ready to experience the ease of JumpCloud for your IT needs?<\/strong><\/p><p><a href=\"https:\/\/jumpcloud.com\/platform\/mdm\" target=\"_blank\" rel=\"noreferrer noopener\">Click here to start your free account today.<\/a><\/p><div class=\"blog-post-tags m-t-2\"><ul class=\"blog-post-topics-list\"><li class=\"blog-post-topics-list-item\"><a class=\"blog-post-topics-list-link is-type-body-default is-important is-type-weight-semi-bold has-text-navy\" href=\"\/blog?topics=best-practices\">Best Practices<\/a><\/li><li class=\"blog-post-topics-list-item\"><a class=\"blog-post-topics-list-link is-type-body-default is-important is-type-weight-semi-bold has-text-navy\" href=\"\/blog?topics=how-to\">How-To<\/a><\/li><\/ul><ul class=\"blog-post-collections-list\"><li class=\"blog-post-collections-list-item\"><a class=\"blog-post-collections-list-link is-type-body-tiny is-type-weight-semi-bold is-important security\" href=\"\/blog?collections=security\">Security<\/a><\/li><\/ul><\/div><\/article>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"57539\" class=\"elementor elementor-57539\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b25dc0d elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6b25dc0d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3cc1b37d\" data-id=\"3cc1b37d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52c4a230 elementor-widget elementor-widget-text-editor\" data-id=\"52c4a230\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About JumpCloud<\/strong><br \/>At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Organizations turn on multi-factor authentication (MFA) [&hellip;]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[488,1016,61],"tags":[489,1017],"class_list":["post-59563","post","type-post","status-publish","format-standard","hentry","category-488","category-jumpcloud","category-press-release","tag-489","tag-jumpcloud"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2\" \/>\n<meta property=\"og:description\" content=\"Organizations turn on multi-factor authentication (MFA) [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-01T09:13:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-02T10:13:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks\",\"datePublished\":\"2022-11-01T09:13:18+00:00\",\"dateModified\":\"2022-12-02T10:13:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\\\/\"},\"wordCount\":842,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jumpcloud.com\\\/\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/1-1.png\",\"keywords\":[\"2022\",\"JumpCloud\"],\"articleSection\":[\"2022\",\"JumpCloud\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\\\/\",\"url\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue\",\"name\":\"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jumpcloud.com\\\/\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/1-1.png\",\"datePublished\":\"2022-11-01T09:13:18+00:00\",\"dateModified\":\"2022-12-02T10:13:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#primaryimage\",\"url\":\"https:\\\/\\\/jumpcloud.com\\\/\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/1-1.png\",\"contentUrl\":\"https:\\\/\\\/jumpcloud.com\\\/\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/1-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jumpcloud.com\\\/blog\\\/push-bombing-mfa-fatigue#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue","og_locale":"zh_HK","og_type":"article","og_title":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2","og_description":"Organizations turn on multi-factor authentication (MFA) [&hellip;]","og_url":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue","og_site_name":"Version 2","article_published_time":"2022-11-01T09:13:18+00:00","article_modified_time":"2022-12-02T10:13:37+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"7 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/11\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks","datePublished":"2022-11-01T09:13:18+00:00","dateModified":"2022-12-02T10:13:37+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/11\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\/"},"wordCount":842,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png","keywords":["2022","JumpCloud"],"articleSection":["2022","JumpCloud","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/11\/how-to-avoid-account-takeover-risks-from-push-bombing-and-mfa-fatigue-attacks\/","url":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue","name":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png","datePublished":"2022-11-01T09:13:18+00:00","dateModified":"2022-12-02T10:13:37+00:00","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/10\/1-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/push-bombing-mfa-fatigue#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"How to Avoid Account Takeover Risks from Push Bombing and MFA Fatigue Attacks"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fuH","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=59563"}],"version-history":[{"count":3,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59563\/revisions"}],"predecessor-version":[{"id":59657,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59563\/revisions\/59657"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=59563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=59563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=59563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}