Skip to main content
Business woman receiving an unexpected MFA authentication request on her phone.

Reliable cybersecurity for small businesses requires a layered approach, and multifactor authentication (MFA) is a key layer in any security setup. While it can become routine to authenticate when you log in to your accounts, it is important to know what to do when your MFA is showing you signs of an attack. Unexpected MFA requests are alarming to see because it means your account’s credentials may have already been compromised, but MFA is meant to be the last line of defense for your account, and here are a few best practices that you should follow when you receive an unexpected authentication request!

Why is an MFA Request Appearing?

An unexpected MFA request can come in for a variety of reasons, but few of them are good. First and foremost, you should never assume that it is simply an error or an old request that has just come through late. This is extremely unlikely to happen, and the risk of accepting an unexpected MFA request is too great because it is most likely a malicious actor trying to gain access to your account. Upon receiving an MFA request that you did not actively submit while in the process of logging in, you should assume your credentials have been compromised and that hackers are trying to access your account or perform an irritation attack to gain access.

Immediate Responses

Your first response should always be to reject the multifactor authentication request without exception. If the MFA you use has a dismiss button or the ability to report fraudulent login attempts, then this option should be used immediately. Any additional requests should be rejected as well, and if you receive a high number of requests, then you can be confident that you are being targeted by an irritation attack and should silence your phone or turn it off if you cannot immediately change your password because of the spam authentications. As soon as you are confident that you can login and authenticate without accidentally accepting an attacker’s request, change your password.

Follow-up Responses

For proper follow-up with your business’ IT department or trusted IT consultant, make sure to pay attention to the number of authentication requests you received during the attack. A high number of them means the person managing your MFA may need to put a cap on the number of requests possible in a short amount of time. You should work with your IT department or IT consultant to determine how your account was compromised and follow their guidance on any additional passwords that may need to be changed. If you have reused the password from the compromised account, then you should change the passwords on those accounts and avoid reusing passwords in the future.


Your company may have policies in place that require you to perform additional actions in the event of unexpected authentication requests, and you should know what these are and follow them correctly. If your company needs to improve its multifactor authentication protection or implement strong policies that will keep your network safe, then you should consider working with a small business IT consultant like Robinett Consulting. Every member of our team prides themselves on bringing high quality cybersecurity to small businesses, and our passion is to bring your small business the enterprise level IT infrastructure it deserves!

Robinett Consulting

Author Robinett Consulting

At Robinett Consulting, we are your consultative partner who strives to grow your business and have technology truly enabling you. We aim to understand you and your business so that you do what you do best unhindered by your IT.

More posts by Robinett Consulting