Push Fatigue Attacks Succeed 5% of the Time, Surge in the Morning, Researchers FindMultifactor authentication is a must-have security defense for repelling outright credential stuffing and password spraying attacks. But no defense is foolproof. Attackers have been refining their tactics for bypassing MFA, including using technology and trickery.
Mine can do push but it also requires a code to be inputted from wherever the log in point is. Sounds like either shoddy MFA or incredibly dense users.