Description
Starting February 27, when using the Microsoft Authenticator app with Azure MFA, you’ll be prompted to enter a number shown on your screen to complete your login. This article shows you what this number-matching process looks like.
Environment
Smartphone with the Microsoft Authenticator app installed, computer
About
Microsoft is launching the number-matching update to comply with new MFA regulations from the U.S. Cybersecurity Agency that protect your account from hackers. These regulations prevent a new form of hacking called MFA fatigue attacks. During an MFA fatigue attack, a hacker steals your password in a phishing attempt and spams you with MFA push notifications, hoping that you’ll let them access your data. Authenticating through number-matching prevents this type of attack.
Note: This update impacts anyone who uses the Microsoft Authenticator app to authenticate. It is not possible to opt out of number matching when using the app. However, if you use a phone call or text message (SMS) to authenticate, you will not be impacted by this update.
Procedure
-
After February 27, 2023, navigate to any online application requiring your OHIO log-in (ex: Catmail, Blackboard, etc.).
-
Enter your OHIO email address and password.
-
You will receive a push notification on your phone from the Microsoft Authenticator app.
-
Select the push notification on your phone.
-
You will then see a number on your device’s screen.

- Enter this number in the Authenticator app and select Yes.

Outcome: You have successfully authenticated your log-in via number matching on the Microsoft Authenticator app.
Note:
-
You can still select Remember me for 90 days at any online OHIO log-in screen.
-
Apple Watch is no longer compatible with the Authenticator app due to this security update.
-
When you connect to campus VPN, you will receive a push notification instead of being prompted to number-match.
Tip: Do not accept any authentication requests that you do not recognize. You can view your account's log-in history by opening the Microsoft Authenticator app and selecting Review Recent Activity. You can also navigate to myaccount.microsoft.com and select My sign-ins. If you do not recognize the log-in device or location, you should reset your password immediately.
Additional Resources:
Get help from OIT