Security is often described as a continuum between convenience and safety. A system that requires ten layers of authentication may be very difficult to attack, but it may also be so inconvenient that it will never be used. At the opposite end, a system with no means of authentication or authorization is highly convenient for users but also highly insecure. Many systems now offer an option for Multi-Factor Authentication (MFA), which uses at least one additional piece of information beyond or in place of the traditional username and password combination. Some MFA systems may involve additional devices such as mobile phones and tablets. These MFA systems may ask the user to enter a code sent to a mobile device or to take an action on the mobile device that is then transmitted back to an authentication server to complete the login process.
One downside of MFA systems that involve mobile devices is that repeated illegitimate login attempts by malicious third parties may cause a flood of push authentication requests to the mobile device, annoying users. Some traditional systems may allow a user to block requests from being pushed to their mobile device. However, these traditional systems may be all or nothing filters that cannot allow legitimate push authentication requests through while blocking spam requests. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for blocking push authentication spam.