[asd4]

The security researcher in the article was concerned about accidently confirming the prompt on his watch.

I don't think its a matter of being "smart enough". Human error can easily creep in when dismissing 10's or 100's of prompts.

[hunter2_]

The prompt UX should step into a special "bombed" mode when a frequency threshold is crossed, at which point accepting a prompt has fat-finger protection such as double confirmation steps, and declining all (or perhaps all that share a commonality, like same initiating IP address) becomes possible.

[lazide]

Or you know, not allow this kind of brute forcing at all?