When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was before I realized that a non-small percentage of users would willingly approve logins they otherwise had nothing to do with, once again undermining the best intentions of the latest technology with unexpected human behavior. This is the unstoppable, repeatable story of cybersecurity.