MFA Prompt I Didn't Initiate
Discover how to handle unexpected MFA requests, ensuring your account security and understanding the potential threats involved.
Table of Contents
I Received an MFA Prompt I Didn't Initiate - What Does This Mean?
VeritGuard Knowledge Base | Security Incidents
If you receive a push notification, text message, or authenticator prompt asking you to approve a sign-in, but you are not currently trying to log in to anything - this could mean someone else has your password and is attempting to access your account.
What to Do Next
- Deny the prompt. Tap "Deny," "No, this wasn't me," or simply let it expire.
- Contact Verito Support at (844) 629-9899 or itsupport@verito.com. Let us know which account triggered the prompt (Microsoft 365, Google, 1Password, etc.).
- Change your password immediately using 1Password or any other password manager. Choose a new, unique password that you have not used anywhere else.
- If you receive repeated prompts, this may be an "MFA fatigue" attack - where an attacker repeatedly sends prompts hoping you will approve one by accident. Do not approve any of them. Call us immediately.
Why This Happens
An unexpected MFA prompt means someone has entered your correct username and password somewhere. This could happen if your credentials were exposed in a data breach on another website where you used the same password, or if you entered them on a phishing page. The MFA prompt is your last line of defense - as long as you deny it, the attacker cannot get in.
This is exactly why using unique passwords for every account matters. If you use 1Password to generate and store a different password for each site, a breach on one platform cannot be used to access your work accounts.