PUSHY PAIGE
If you keep tapping ‘Approve’, she wins.
THREAT TYPE
THREAT LEVEL
Pushy Paige doesn’t crack passwords. She cracks patience. She hammers your phone with login approval requests until you’re tired, distracted, or fed up enough to hit “Approve” just to make the noise stop. One tap, and she’s through the door.
MFA fatigue happens when an attacker already has your password, then repeatedly attempts to log in to trigger push notifications from an authenticator app. Your phone lights up again and again with approval prompts. The goal is to pressure you into approving by mistake, or at the worst time, like when you’re busy or half asleep. Once approved, the attacker gains access and can change passwords, add their own MFA, and lock you out.
REWARD
55,000
Ranger’s Rules for Riding Safe Online
-Never approve a login you didn’t start. One tap is enough to lose the account.
-If you get a surprise prompt, assume your password is compromised and change it immediately.
-Turn on number matching or extra verification in your authenticator where available.
-Use a password manager and unique passwords so one leak does not spread.
-Tell your team: MFA prompts are not harmless. Treat them like a break-in attempt.
