Goal: Disrupt and delay attackers attempting to bypass Multi-Factor Authentication (MFA).
Approach: Presenting attackers with deceptive MFA prompts.
When an attacker attempts to log in, present them with an unexpected MFA prompt, even if they have valid credentials. This can be a fake push notification, a request for a non-existent biometric scan, or a challenge question with no right answer.