Number matching is an MFA mechanism that requires the user to enter or select a displayed number to confirm they initiated the login request. It matters because simple approval buttons are easier to approve by accident or under attacker pressure.
What is Number Matching?
With number matching, the user sees a number on the login screen and must enter or confirm the same number in the authentication app. This adds context and intent, making it harder for attackers to succeed with blind push approvals.
What Number Matching Commonly Helps Prevent
Common benefits include reduced MFA fatigue success, fewer accidental approvals, stronger user confirmation, and better resistance to prompt bombing attacks.
Number Matching vs. One-Tap Approval
One-tap approval asks the user only to approve or deny. Number matching adds a small confirmation step that makes unauthorized approvals less likely.
Frequently Asked Questions
Why is number matching useful?
Because it adds friction in the right place and helps users recognize whether they actually initiated the request.
Does it replace stronger factors?
No. It improves push-style MFA, but phishing-resistant methods can still offer stronger protection.
Related Cybersecurity Terms
