Push Fatigue Attacks Succeed 5% of the Time, Surge in the Morning, Researchers FindMultifactor authentication is a must-have security defense for repelling outright credential stuffing and password spraying attacks. But no defense is foolproof. Attackers have been refining their tactics for bypassing MFA, including using technology and trickery.
Why would my MFA app be able to push something? I open it when I need it.
Mine can do push but it also requires a code to be inputted from wherever the log in point is. Sounds like either shoddy MFA or incredibly dense users.