Specialty contractors often provide subcontractor work by using their own equipment. This creates a complex, multi-tiered need for integration between the technician, accounting, and the customer. The ability to provide efficient and high-quality service to your customers gives you an advantage over the competition.
But now you can streamline your field operations with a strong software platform, such as Acumatica. By integrating accounting and payroll with the teams in the field, your company delivers proven efficiencies for employees and customers. Here are some key areas where the right tech tool will significantly improve your customer satisfaction levels with regards to field service management. In this article, you will learn how to improve profits and customer satisfaction with Acumatica.
Mobility in the field
Often, companies that provide service work don’t have a mobile solution for their technicians, meaning clipboards and paperwork are the reality. Eliminating paperwork for time sheets and service work reduces the risk of double-entry errors. Mobility also means every piece of documentation is presented to your customer digitally, which shows the customer a commitment to service excellence.
Imagine the time-savings when a technician in the field, working on a piece of equipment can log time and locate tools just from a smartphone or tablet. What a great way to impress customers with prompt and comprehensive service.
Maximizing field technicians’ time
Routine and preventative maintenance can be scheduled in advance to maximize your technicians’ time. But things come up to upset that schedule all the time. Emergencies must take priority over regularly scheduled service work, which can make juggling your technicians’ time challenging. Vehicles, tools and inventory need to be available when and where they’re needed. What if your dispatch team could see responses to emergencies and route the technicians for any change in priorities? That is yet another way to generate customer loyalty.
Prompt and accurate invoicing
Billing in a timely manner means you get paid in a timely manner. A full integration between field operations and accounting is so important for this reason. That same mobility that we spoke of before comes into play here. With an integrated solution, field service teams can submit completed jobs immediately to accounting from the field, enabling your office team to have the information in real time and turn around accurate invoices fast.
The company that embraces field service work will leverage it as a profit center. Acumatica Field Service is a comprehensive system that is highly customizable. Get scheduling, dispatching, inventory management, accounting, and analysis. Make your field service business effective and deliver the highest level of customer service possible. Because Aktion Associates is a Value-Added Reseller of Acumatica, we’d love to show you this powerful real cloud technology so you can get your field service operations harnessed to make money now and into the future.
Infor CloudSuite Distribution (CSD) has over 200 pre-built events that can provide email notifications to a single user or a group of users in real-time. These notifications are a useful alternative to remembering to run ad-hoc queries or to a colleague telling you on their way to get coffee. The intent is to see the smoke before the fire has started. Don’t leave discovering these important events to chance. Below we’ll discuss some of the available events and best practices for implementing them into your instance of CSD.
CloudSuite Distribution defines an event as something that has happened in the system that is not part of normal day-to-day procedures. There are thousands of activities that happen daily in any given business. CSD gives administrators the ability to focus on the few activities that serve as major pain points and notify the proper user(s) the second one of them happens.
Some popular event examples include, but are not limited to:
Just because over 200 events exist in CloudSuite Distribution doesn’t mean a business should implement all of them. An administrator should weigh the severity of the impact that the event will have on the business against the likelihood that the event will occur. In other words, a sales order that is canceled with a tied PO might only occur twice a month, but when it does happen it can cause 6 plus hours of work to clean it up if the event wasn’t caught prior to the order shipping.
Another important consideration is making sure the event goes to the right person to prevent “event fatigue”. Event fatigue is the result of a user receiving so many email events that the importance of an event begins to lose its urgency. CSD can accomplish this, for example, by setting up events to go to the buyer that wrote the purchase order instead of all buyers in the company.
Companies can maximize the value of CloudSuite Distribution events and notifications when they take a surgical approach. Events should be complementary to existing processes and tailored to specific business problems which the company is trying to solve.
Aktion has a team of qualified consultants with deep industry knowledge in applying CloudSuite Distribution events/notifications to specific business problems. Contact us to be put in touch with an Aktion expert consultant to help you put out fires with the use of events before they get started.
Why is real-time data so important in today’s construction industry?
In today’s fast-paced construction industry, a modern financial management system will almost always mean cloud-based financials. It’s tempting to put off change, to stay with the systems that your teams are comfortable with using. However, that approach may come with some risk. As systems become outdated, they require investment – time, money and skill – to maintain. Internal teams may not be connected and working with real-time information, and management is unable to make decisions with accurate data.
To stay competitive, construction and real estate companies’ technology strategies are evolving. The real-time data trend has been studied by industry leaders, which is telling for the future. Forward-thinking businesses are architecting a modern technology strategy that includes cloud accounting financials. A recent Deloitte study discusses both these technology strategies and other construction industry trends to keep on your radar.
Here are my top three signs it’s time to move to cloud-based financials:
It’s hard to overstate the importance of real-time data access that you’ll find in cloud-based financials. One single source of truth gives people in the office and field the ability to view job costing, tools and equipment allocations and overall project status updates. Quick and easy reporting makes it much less likely that you’d miss warning signs that a project is losing money or going to take longer than projected.
Contractors who adopt a cloud-based platform that meets all their needs report that they immediately see improvements in workflows and communication. These forward-thinking business leaders have recognized the risk of delaying change and the advantages that a cloud financial system brings to their business.
Aktion Associates has teams of experts who understand the construction industry’s unique demands. We are ready to review your business needs and determine which cloud platform will fit you best. One popular and powerful choice among our customers is Sage Intacct Construction. Because Sage Intacct was born in the cloud, the accessibility and scalability are unrivaled in the construction industry.
Contact us today to begin your journey towards cloud-based financials and real-time data, and to position your company for growth.
Infor CloudSuite Distribution users enjoy the ability to personalize and customize what data and information each role within the company can see and how they see it. Based on my experience with CSD, below you’ll find a couple of unique tips and tricks for personalizing the user interface in Infor CloudSuite Distribution to improve efficiency and ease of use within the software.
How Personalizing the User Interface in Infor CloudSuite Distribution Works
Personalization allows for customizing the screen displays to meet a company’s individual business requirements. This is a great way to tailor the screen layout to be more user-friendly and to optimize efficiency while using Infor CloudSuite Distribution. By personalizing the user interface in Infor CloudSuite Distribution, the user can adjust fields, columns, buttons, toolbars, and grids to be hidden, unhidden, highlighted, renamed, resized, and sequenced – anything to fit the user’s unique business style and workflows. Infor CloudSuite Distribution also allows users to change the user interface to a lighter display, a darker display or higher contrast that is easier to read, based on personal preferences.
Can We Have Different Personalizations for Different Departments?
YES! Personalization can be done on a user, profile, or company level. It is possible to create unique profiles per user or department. You can have customized profiles for Customer Service, Purchasing, Accounting and all departments. This personalized layout per department is great because it results in an efficient and uniform workflow for that department or even companywide.
Who Can Personalize in CSD?
Most companies want to limit screen personalization to users who have the experience and knowledge of the system, and to keep to corporate branding and appearance standards for the organization. With Infor CloudSuite Distribution’s comprehensive security system, it is possible to limit personalization to specific users. Additionally, the security measures will allow and/or prevent users from performing specific tasks based on role and accessibility. Administrators can easily assign who can and can’t personalize.
Can Personalization Be Reversed or Reset?
YES! The System Administrator can view, allow, prevent, or reset all personalizations. Access changes can be made, and roles can be changed easily.
Can Aktion Help Me Personalize My CloudSuite Solution?
YES! Aktion Associates has an entire team of Infor CSD Application Consultants who can guide you through the Personalization process. Aktion can also provide complete training and solutions for all roles and applications needed. Please contact Aktion Associates at 1-800-AKTION (800-425-8466), email@example.com or contact your Account Manager to schedule a personalization consultation.
All accounting professionals dread month-end reconciliation. Between the ticking and the inevitable hunt for a needle in a haystack, this can be a time-consuming and mind-numbing experience. I come from an accounting background and know this all too well. That’s why I’d like to offer you three ways to keep your Infor CloudSuite Distribution (CSD) chart of accounts balanced to simplify the process and save you time.
1: Trial Balance Reports
Out of the box, CSD offers a wide array of trial balance reports. These reports compare the subsidiary total to the general ledger and calculate if they are in balance or not. The reports can be used for reconciliation when in balance.
Popular Reporting Acronyms & Descriptions Inside CSD:
These easy-to-use reports inside of CSD can help with reconciliation documentation as well as pinpoint any discrepancies.
2: Scheduled Reports & Balance History
Another one of my favorite time-saving features inside of CSD is the ability to set up the trial balance reports to run on a schedule. Trial balance report scheduling allows you to print, email, or even save a file of the report. Then when the report is run, it creates a record inside the general ledger. An example that comes to mind is when the AP trial balance runs, the results are stored in the general ledger account inquiry screen under the tab of balance history.
Below you’ll see a variance comparison report showing the difference between the last time it was run and the current report. You’ll notice it also includes crucial data like report total, GL total, and the difference. By running this report daily, you gain the ability to isolate down to the day when reports went out of balance.
3: CSD Events
Topping out our list is a must-use, time-saving feature in CSD called event manager. Events are basically notifications that specific actions took place. The nice thing about CSD is that it comes with over 100 prebuilt event types that can be configured to fit your business needs.
Suspense postings are made in the general ledger when CSD does not know where to make a specific posting. This can happen for many different reasons, but normally it is related to a GL mapping issue. My go-to event to keep the general ledger clean and balanced is an alert when a suspense posting occurs, which can be emailed or printed at the time of the event. Through the use of events, you can isolate the problem and correct the discrepancy before it muddies your data and creates extra work for you.
Month-end reconciliation may never be a fun process. But if you use these tips inside CSD, you can significantly simplify the process and save yourself quite a bit of time too.
At Aktion, we have an entire team of Infor CSD experts who understand your software inside and out. We know keeping your chart of accounts balanced in CSD can be stressful and time-consuming; that’s why we’re here to help. Contact us to be connected to a qualified CSD consultant to review your current process and provide insight into how you can streamline your processes.
The use of data can help secure better construction project results. Construction is a complex process. Managing each project well requires access to large amounts of information. Smart leaders know exactly what kinds of data they need so they can see what is working and what is not. They know how to capture that data and analyze it, in pieces and as an integrated whole. They share that data with the appropriate decision-makers across the business. Armed with that knowledge, those decision-makers can take action to fix problems and get each project back on the path to optimal profitability.
Even as many contractors embrace the power of data, others remain stuck in the past. For example, these firms use manual, paper-based activities to track project governance and risk controls. This approach does not provide analysis and reporting in real-time. Each project may only be reviewed retrospectively, or after the fact.
The three greatest barriers to profitability in construction are financial difficulties, insufficient labor productivity, and improper planning. All three of these issues can be effectively addressed when firms implement and leverage analytics technology. Firms that invest in this technology can stay on top of each project in real-time, enabling leaders to react, course-correct, and achieve utmost profitability.
Here are a few of the benefits you can reap when you learn to create, store and integrate data:
Want to learn more about how to gain more insight into your operations and deliver your best financial results? An investment in the right technology is the first step. Sage Intacct Construction software is a flexible financial management solution that adapts to your workflows and reporting requirements. It gives you real-time visibility with built-in and adaptable dashboards, reports, graphs, and charts. Multidimensional reporting and dashboards provide faster and deeper insights into accounts, helping your teams work faster and smarter.
You’re welcome to complete Aktion’s Contact Us form to have an industry expert reach out to learn more about the right technology for your construction business.
Tracking the productivity of construction labor takes effort, but when it’s done right, the payoff for contractors is significant. Below you’ll learn more about how contractors gather and act on performance data to reap meaningful gains in profitability.
For many contractors, labor is the biggest cost. That is why so many construction owners devote the time and resources to measure the productivity of every type of labor that goes into a job.
How to Measure Labor Costs:
This will enable you to calculate team performance on each task. Having this data will help you in real time (on each current project), and in the future when you bid for and take on new jobs.
The Importance of Job Costing Visibility
On each project, job costing provides visibility into how labor productivity measures up to the estimated budget, and helps you identify areas that need attention. Here’s another real-time bonus to productivity tracking: when an unforeseen event occurs, such as a pandemic or disruptive weather, you have the data you need to make your case for a change order.
Once you have a storehouse of reliable productivity data, that data becomes an asset for every future project you bid on. Your data will inform every facet of your business. It will give you a benchmark for estimating, budgeting, and scheduling, as well as for performance-based bonus programs. Each step in the process relies on the prior one: estimating informs your budgeting, scheduling, and then labor on the job. Your data can make your bids more competitive – and insulate your profits.
An investment in the right construction technology is step one in mastering how to track your labor productivity. If you have just recently started looking at your software options, Sage Intacct Construction software is a flexible financial management solution that adapts to your workflows and reporting requirements. This next-gen cloud platform gives you real-time visibility with built-in and adaptable dashboards, reports, graphs, and charts. Multidimensional reporting and dashboards provide faster and deeper insights into accounts, helping to save hours per month.
You can learn more about how to avoid unexpected cash flow issues by governing your spending against a budget here. Interested in learning more about using data to maximize your profitability, job after job? Take the first step by talking with Aktion Associates to find the best technology solution for your unique needs.
Seasoned developers are probably aware of the benefits of using a package manager tool for installation and updates of packaged reference files and libraries. Such packages contain reusable code that is published to a central repository for consumption by other programs. The advantage of using such a tool is that common code is maintained in a common location, rather than needing to copy the individual files around and maintain their versions separately and manually. There are many public package managers available for different languages, frameworks, and platforms, such as the popular NuGet, npm, Bower, and yarn. This article focuses on the usage of NuGet because it is the standard package manager for Microsoft .NET, the platform used for Acumatica and its customizations.
Since I began developing customizations in Acumatica five years ago, and also coming from a deep .NET and client/server full-stack background, I’ve always wanted the Acumatica common libraries to be available as a package and have wondered why such packages weren’t already readily available. I have long wanted to fill this void myself in order to simplify the referencing of these libraries for our own custom code extension libraries. I recently was able to set this up for our company, Aktion Associates (an Acumatica VAR and Gold Certified Partner), and I’d like to share with you how this can be accomplished.
What is NuGet?
Stepping back for a moment, NuGet is a .NET package manager that’s integrated with Visual Studio, the Microsoft development environment recommended for authoring code extensions for Acumatica customizations. NuGet is used to create and share reusable packages from a designated public or private host. https://www.nuget.org/ is the main NuGet Gallery repository to which public packages can be published, and from which .NET projects can consume them. Popular packages such as Json.NET (a JSON parser and serializer) can be found here, as well as Microsoft .NET Framework packages and many others. Instead of searching the web for an installation program or the specific download file you need for a third-party library, NuGet can be used to retrieve and install the appropriate package of files and the version required simply by selecting it from its public host. NuGet can also be used for packages hosted privately for internal use by yourself or your company. Since Acumatica libraries are not available publicly via nuget.org, this article explains setting up these common libraries as private packages for use in your own customization projects.
This article covers only part of what NuGet can do; many more guidelines for using and configuring it can be found in its documentation at https://docs.microsoft.com/en-us/nuget.
Using NuGet with Acumatica
To reference a NuGet package in your own customization extended library’s Visual Studio project, open your project in Visual Studio, right-click on the project’s References node in the Solution Explorer, and select the Manage NuGet Packages context menu option. This will open a window like the image in Figure 1, which displays NuGet packages already installed, and those available for install. If you Browse for “Newtonsoft.Json”, for example, from nuget.org, it should display that package in the results. When you select a package, you can then choose a specific version available from the specified package host and install it. That package will then show under your project references and its files can be referenced within your extended code. See Figure 2 for an example of referencing the Json.NET library in a C# Visual Studio project after installing it via NuGet.
Figure 1: NuGet Package Manager in Visual Studio
Figure 2: Referencing Json.NET after installing as a reference
The advantage to referencing libraries via NuGet like this is the simplicity, and allowing it to manage libraries and their versions without needing to do so manually. To then install a newer version of the library, you open the NuGet Package Manager again in Visual Studio from Figure 1, change the version to another available version, and Update. This is how I’d like Acumatica common library references to behave, and which is now possible with the solution outlined below.
Creating a NuGet Package
The first step is to create a NuGet package containing common Acumatica libraries. These common libraries are the most often used when writing a code extension in an external library. They include the following:
I also like to include PX.Data.BQL.Fluent.dll because I prefer using Fluent BQL syntax within code.
The Package Manifest
A NuGet package manifest is created by defining the contents in a .nuspec XML file. The schema for a .nuspec file can be found within its documentation at https://docs.microsoft.com/en-us/nuget/reference/nuspec. The following XML shows an example of the contents of a .nuspec file (e.g. Acumatica.nuspec) for the Acumatica libraries mentioned above.
Within this XML, the package is supplied a name (<id>) and a version (<version>), the files to reference in the destination Visual Studio project (<references>), and the source files to include in the package (<files>). Notice in this example that I’m naming the package Acumatica.PX.Main, and I’m including Acumatica build version 22.100.178 of its libraries.
Creating the Package
The next step is to create the package from the .nuspec package manifest. You can download nuget.exe from https://www.nuget.org/downloads, which is a command-line program used to create a NuGet package from a NuGet manifest. On the command line, the syntax to create the example package using nuget.exe is:
nuget pack Acumatica.nuspec -NoPackageAnalysis
This syntax assumes that both nuget.exe and Acumatica.nuspec are accessible within the current path; if not, the path for one or both should be specified. The resulting package created from the example should be Acumatica.PX.Main.22.100.178.nupkg.
Additional Package Versions
Now that we have one build version of Acumatica’s common libraries packaged, you can continue creating additional versions as needed or as they are released by Acumatica. To create a new package for the following build version – 22.101.85 – you can repeat the instructions above but replace the version number and include that version of the libraries. You should then end up with a new package named Acumatica.PX.Main.22.101.85.nupkg, and so on.
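The manifest and per-version steps above can be scripted. The following Python is an added example, not code from the original article: it generates the .nuspec for a given build and checks it for the easy mistake of bumping the version while still packing the previous build's DLLs. The package id, build numbers and PX.Data.BQL.Fluent.dll come from the article; the other three DLL names, the `bin\<version>` folder layout, the `lib\net48` target and the author string are assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

PACKAGE_ID = "Acumatica.PX.Main"          # package id used in the article
# Assumption: the article's own DLL list is not reproduced on this page.
# Only PX.Data.BQL.Fluent.dll is named there; the first three are illustrative.
DLLS = ["PX.Common.dll", "PX.Data.dll", "PX.Objects.dll", "PX.Data.BQL.Fluent.dll"]


def build_nuspec(version, dlls=DLLS, source_root="bin", target=r"lib\net48"):
    """Return .nuspec XML for one Acumatica build.

    Assumed layout: the DLLs of each build sit in <source_root>\\<version>\\.
    """
    package = ET.Element("package")
    meta = ET.SubElement(package, "metadata")
    ET.SubElement(meta, "id").text = PACKAGE_ID
    ET.SubElement(meta, "version").text = version
    ET.SubElement(meta, "authors").text = "Your Company"   # placeholder
    ET.SubElement(meta, "description").text = (
        f"Acumatica common libraries, build {version}")
    # <references>: assemblies added as references in the consuming project.
    refs = ET.SubElement(meta, "references")
    for dll in dlls:
        ET.SubElement(refs, "reference", file=dll)
    # <files>: source files copied into the package.
    files = ET.SubElement(package, "files")
    for dll in dlls:
        ET.SubElement(files, "file",
                      src=f"{source_root}\\{version}\\{dll}", target=target)
    ET.indent(package)
    return ('<?xml version="1.0" encoding="utf-8"?>\n'
            + ET.tostring(package, encoding="unicode"))


def check_nuspec(xml_text, expected_version):
    """Return a list of problems found in a manifest (empty list = consistent)."""
    root = ET.fromstring(xml_text)
    problems = []
    version = root.findtext("metadata/version")
    if version != expected_version:
        problems.append(f"<version> is {version}, expected {expected_version}")

    referenced = {r.get("file")
                  for r in root.iterfind("metadata/references/reference")}
    packaged = {}
    for f in root.iterfind("files/file"):
        src = f.get("src", "")
        packaged[ntpath.basename(src)] = src
        if not f.get("target", "").lower().startswith("lib"):
            problems.append(f"{src} is not packed under lib")

    # Every referenced assembly must actually be shipped in the package.
    for name in sorted(referenced - packaged.keys()):
        problems.append(f"reference {name} has no <file> entry")
    # Every shipped file must come from the folder of the build being packed.
    for name in sorted(packaged):
        parts = packaged[name].replace("/", "\\").split("\\")
        if expected_version not in parts:
            problems.append(
                f"{packaged[name]} is not taken from build {expected_version}")
    return problems


if __name__ == "__main__":
    for build in ("22.100.178", "22.101.85"):
        manifest = build_nuspec(build)
        print(manifest)
        print("problems:", check_nuspec(manifest, build))
```

Write the returned XML to Acumatica.nuspec and run the check before `nuget pack`, so a manifest copied from an earlier build is caught before it is published to the feed.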
Setting Up a NuGet Feed
To make a package available for project reference, it needs to be published to a NuGet feed. Since the package is meant for your own consumption, you’ll want to create a private feed for yourself or your organization. A private feed can be a local file share or server, or a remote private hosting service like Azure Artifacts or GitHub Package Registry. At Aktion Associates we use Azure DevOps as our source control repository, so we use Azure Artifacts as our feed host, and this will also be used for examples in this article.
Creating the Feed
To create a NuGet Feed in Azure Artifacts, open the Azure DevOps project in which you want to create a feed and choose Create Feed on the main Artifacts page. The dialog shown in Figure 3 should open. After naming and configuring the feed according to the visibility and scope of your needs, create the feed.
Figure 3: Create New Feed dialog
Publishing to the Feed
Now that you have both a NuGet package and a NuGet feed set up, you can publish the package to the feed. On the main Azure Artifacts page, choose Connect to Feed, then select NuGet.exe as the connection type, and copy the new feed URL shown. Then, on the command line, the syntax to publish the example package using nuget.exe is:
nuget push -Source <feed url> -ApiKey <any string> Acumatica.PX.Main.22.100.178.nupkg
This syntax assumes that both nuget.exe and Acumatica.PX.Main.22.100.178.nupkg are accessible within the current path; if not, the path for one or both should be specified. The specified package should now be published to the feed and be accessible for referencing according to the configuration of your feed. Figure 4 shows an example private feed and package inside Azure Artifacts after creation and publishing.
Figure 4: Feed created in Azure Artifacts
Using Your NuGet Feed
After publishing your packages to your NuGet feed, you should be able to then reference the package and version from your feed inside your Visual Studio project as described in Using NuGet with Acumatica. In the NuGet Package Manager, add your new package source (i.e. the NuGet feed you created) from the Options dialog opened from the gear icon next to the Package source dropdown. After adding the feed, the published package should display in the list of available packages. Select the package in the list, and then the different published versions should be available in the Version dropdown to choose for installation or update. See Figure 5 for an example of what the Package Manager shows after selecting the package (e.g. Acumatica.PX.Main) in your new NuGet feed.
Figure 5: Selecting a NuGet package and version
Once you choose a package and appropriate version, installing or updating it creates a reference to that package’s library versions in your Visual Studio project. See Figure 6 for an example of a C# Visual Studio project after installing the Acumatica.PX.Main NuGet package from a NuGet feed.
Figure 6: Visual Studio project after package installation
Other Acumatica Libraries
You can take this solution further and create additional NuGet packages for other commonly used Acumatica libraries like PX.Api, PX.Caching, PX.Web, etc. and repeat the steps mentioned above for these. Once those packages are created and published to your feed, you will also be able to reference these in the same manner.
Your Own Packages
If you have your own custom code extensions or common libraries that are generic enough for sharing across Acumatica modules, customization projects, or even instances, this solution is also a great option for reusing your own Acumatica custom extended libraries by creating NuGet packages for them. For example, Aktion has our own API custom library which adapts the existing Acumatica API to our own best practices for integration and communication, and we share it across projects via our own private feed.
I hope you find this solution for setting up a NuGet feed for Acumatica library packages useful, and I’d love to hear from you and how you’ve put it into use or adapted it for your own needs. It does require a bit of maintenance to keep package versions updated in your feed, but the efficiency gained by easily referencing and consuming an appropriate library version for your customizations and upgrade needs is substantial and valuable.
A new retail delivery fee took effect in Colorado on July 1, 2022. Retailers will have to collect the $0.27 fee every time they deliver taxable goods to a Colorado address. This will add a layer of compliance complexity for both in-state and out-of-state retailers.
The $0.27 fee, which will be adjusted for inflation, applies to retailers selling taxable tangible goods for delivery by motor vehicle to Colorado consumers, no matter who owns or operates the vehicle used to make the delivery, and whether the delivery originates in Colorado or another state.
Given the number of Prime (and other) delivery trucks zipping around neighborhoods daily, this could be quite lucrative for the state. In fact, it’s expected to generate $16.8 million during fiscal year 2022–23 and $18.8 million in FY 2023–24. Serious online shoppers may feel it the most; though collected and remitted by retailers, the fee is imposed on purchasers.
Businesses subject to the new retail delivery fee — i.e., any retailer registered to make taxable retail sales in Colorado that makes sales for delivery — must register to collect and remit the fee. If you don’t make any sales of taxable tangible property for delivery into Colorado, you’re not required to register.
The Colorado Department of Revenue has confirmed that a person who does not have nexus and therefore does not meet the requirements to collect sales tax is also not required to collect the retail delivery fee.
There’s no license or registration fee, but retailers will need to add a retail delivery fee account through the Colorado Department of Revenue. Information on how to do that will be forthcoming.
Every retailer with a retail delivery fee account will need to separately report the fee on a retail delivery fee return (form DR 1786). Returns are due every reporting period, at the same time as the state sales tax return, even if no deliveries into the state were made during that time.
If there are any silver linings, it’s that only one return will be required for the entire state and electronic filing and payment options will be available.
Fee must be separately stated
Retailers must separately state the retail delivery fee on all customer invoices and receipts.
The fee doesn’t apply when otherwise taxable goods are delivered to a purchaser exempt from the state sales tax, such as a government or charitable organization.
Likewise, the fee doesn’t apply to deliveries of nontaxable goods, including wholesale sales, so long as all the property delivered is exempt from the state sales tax. If a delivery includes both taxable and exempt goods, the delivery fee will apply.
The retail delivery fee is just one of several new fees created by the enactment of Senate Bill 21-260. Others include:
“Funding highway and road construction and maintenance comes mostly from taxes on motor fuel and fees imposed on motor vehicle ownership,” says Scott Peterson, vice president of Government Relations at Avalara. “The tax on motor fuel isn’t a long-term option given the ever-increasing use of electric vehicles and miles per gallon. Many states are studying and talking about how to solve the problem, but Colorado may be the first state to broaden the revenue mix to provide long-term funding. The challenge is the administrative cost it imposes on the businesses that must collect the fees.”
Automating tax collection and remittance can help reduce the burden on businesses. If you currently use Avalara AvaTax and want to learn how it will support the Colorado retail fee, check out the Avalara Help Center.
To improve security for sensitive online personal and corporate accounts, deploying multifactor authentication (MFA) is an effective way to prevent takeovers. Many MFA methods are available, and some are stronger than others. Recent attacks known as MFA prompt bombing have shown that weaker MFA methods are vulnerable.
Not All MFAs are Created Equal
MFA requires users to provide a username and password, and an additional authentication factor – fingerprint, one-time password, security key – before an account can be accessed. MFA implementations rely on a variety of methods to deliver that second step of validation. Some methods use time-based one-time passwords (TOTP), often a six-digit rotating code viewed in an authenticator app on a smartphone, or optionally delivered via SMS/text messaging. Other methods may include biometrics or hardware keys to verify our identity. While these methods offer the best security, they can be complex to implement and tedious to use daily.
To reduce the deployment effort, there are less complex – and easier to exploit – methods that use smartphone apps to receive push-style notifications asking whether you are really trying to sign in. In other cases, the system may even place a phone call to the user, who must respond with a key press. These push-style implementations of MFA are targets for attack. An Ars Technica article by Dan Goodin covers how the recent SolarWinds hackers exploited push-style MFA by using prompt bombing.
MFA Prompt Bombing Triggers User Fatigue
This style of attack tries to induce MFA fatigue by relentlessly attempting logins with discovered credentials, in the hope that the end user will eventually tire of the notices asking whether they are trying to log in and simply click “yes it’s me”, either intentionally or accidentally. Since many online providers do not limit the number of times an MFA request can be sent out, there have been reports of people receiving a hundred notices an hour, sometimes in the middle of the night.
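On the defender's side, the burst pattern described above can be detected in MFA logs. The following Python example is added here and is not from the original article; the log format, the sample events, and the thresholds (5 pushes within 10 minutes) are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, push result.
SAMPLE_EVENTS = """\
2024-05-01T02:00:05 alice DENIED
2024-05-01T02:00:40 alice TIMEOUT
2024-05-01T02:01:10 alice DENIED
2024-05-01T02:01:55 alice TIMEOUT
2024-05-01T02:02:30 alice DENIED
2024-05-01T02:03:02 alice APPROVED
2024-05-01T08:59:00 bob APPROVED
2024-05-01T13:15:00 bob DENIED
2024-05-01T17:45:00 bob APPROVED
"""

def parse_events(text):
    """Yield (datetime, user, result) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_prompt_bombing(events, max_pushes=5, window=timedelta(minutes=10)):
    """Alert on users who receive `max_pushes` or more prompts within `window`.

    Severity is "critical" when an APPROVED push arrives during such a burst
    and the window also holds denied or timed-out prompts (fatigue approval).
    """
    recent = defaultdict(deque)   # user -> (timestamp, result) pairs in window
    alerts = {}
    for ts, user, result in sorted(events):
        q = recent[user]
        q.append((ts, result))
        while ts - q[0][0] > window:      # drop prompts older than the window
            q.popleft()
        if len(q) < max_pushes:
            continue
        rejected = sum(1 for _, r in q if r in ("DENIED", "TIMEOUT"))
        fatigue_approval = result == "APPROVED" and rejected > 0
        severity = "critical" if fatigue_approval else "warning"
        if user not in alerts or severity == "critical":
            alerts[user] = {"user": user, "severity": severity,
                            "pushes_in_window": len(q), "last_seen": ts}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_prompt_bombing(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

A "critical" alert is the case to act on first: an approval that follows a run of denied or ignored prompts warrants revoking the session and resetting the password.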
If you have an MFA policy implemented using this type of push notification, the underlying technology is still considered secure, because the user is always notified when authentication is attempted, and it is still better than not having any MFA at all. However, it is important to be vigilant about the notifications being received. A good resource is this WatchGuard blog, How To Avoid MFA Prompt Bombing Attacks.
If you are notified about authorizing a login to a trusted system that you are not actively connecting to, always deny the request. Such a request may also mean your credentials could have been compromised, which should prompt you to change your password as soon as possible. If a TOTP method is available for your MFA implementation, or biometric options exist (commonly called FIDO2 for Fast Identity Online), moving to this type of deployment can mitigate these attacks designed to trick us. If you have questions about MFA prompt bombing or your MFA deployment, or are interested in improving online security, please contact Aktion Associates so we can match the proper solution to your needs.