Skip to main content
Attackers can exploit and misuse (MFA) alerts to gain access to your systems. Below are some common MFA attack vectors and guidance on how to investigate them.

Find log events of interest

The following log event types are relevant when investigating an MFA attack. They are found in the Auth0 tenant logs.

Mitigation strategies

The following are example responses to attacks against MFA:
  • Migrate to stronger MFA options by replacing SMS/voice-based MFA with OTP or Webauthn to mitigate SMS pumping or toll fraud attacks.
  • Enhance SMS/Voice Provider Security by implementing fraud protection like Twilio’s Preventing Fraud in Verify when using SMS/voice MFA.
  • Avoid MFA fatigue by enforcing push notification rate limits.