Adaptive authentication, also called risk-based or contextual authentication, evaluates the context and behavior surrounding a login attempt and uses those signals to assign the attempt a level of risk. Typical questions include:
- Where is the user located when trying to access information?
- When is the user trying to access company information? During normal hours or during “off hours”?
- What kind of device is being used? Is it the same one used yesterday?
- Is the connection made over a private network or a public network?
The risk level is calculated based upon how these questions are answered and can be used to determine whether or not a user will be prompted for an additional authentication factor or whether or not they will even be allowed to log in. That’s why another term used to describe this type of authentication is risk-based authentication.
- Reduced user friction – When a user is asked for a password, an OTP, and a biometric, day after day after day, just to log in to a single application, it becomes trying. On the one hand, the only way to maintain a high level of security is to use multiple authentication factors; on the other hand, is it really necessary every time? With adaptive authentication, users can log in with just one factor if they fulfil certain requirements, such as logging in from the office network, and are required to provide other factors only if they are logging in from a different country, at an odd hour, or from home (or a combination of all three). This way security can be maintained, and users experience less fatigue and confusion when logging in to work resources.
- Enhanced security – Adaptive authentication does more than just provide context-based step-up authentication. It can enhance security using analytics and by assessing risk. Is the IP address that a user is attempting to log in from on a blacklist of untrustworthy IPs? The login attempt can be blocked entirely. Or did the user just attempt to log in from the US when his or her last login, just a few minutes before, was from Europe? This too can be blocked. Many risk-based authentication protocols are possible, and new ones keep coming.
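
The decision flow described above (an outright block for a blacklisted IP or a US/Europe jump within minutes, step-up on softer signals such as odd hours, a different device, or a public network), as an added Python example that is not part of the original article. The `Login` record, signal names, thresholds, and sample IP are assumptions made for illustration, and timestamps are assumed to share one time zone.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# All values below are constructed for illustration, not taken from the article.
BLOCKED_IPS = {"203.0.113.7"}   # documentation-range address standing in for a blacklist
MAX_SPEED_KMH = 1000            # faster than this between two logins is treated as impossible
MIN_TRAVEL_KM = 500             # ignore small jumps caused by imprecise IP geolocation
WORK_HOURS = range(8, 19)       # 08:00-18:59

@dataclass
class Login:
    ip: str
    when: datetime
    lat: float
    lon: float
    device_id: str
    private_network: bool

def km_between(a, b):
    """Great-circle (haversine) distance between two login locations, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def impossible_travel(prev, cur):
    """True when the implied speed between consecutive logins is not physically plausible."""
    dist = km_between(prev, cur)
    if dist < MIN_TRAVEL_KM:
        return False
    hours = max((cur.when - prev.when).total_seconds(), 1) / 3600  # avoid divide-by-zero
    return dist / hours > MAX_SPEED_KMH

def decide(cur, prev=None):
    """Return (decision, reasons); decision is 'deny', 'step_up' or 'allow'."""
    if cur.ip in BLOCKED_IPS:
        return "deny", ["blocked_ip"]
    if prev is not None and impossible_travel(prev, cur):
        return "deny", ["impossible_travel"]
    reasons = []
    if cur.when.hour not in WORK_HOURS:
        reasons.append("off_hours")
    if prev is None or cur.device_id != prev.device_id:
        reasons.append("new_device")
    if not cur.private_network:
        reasons.append("public_network")
    return ("step_up" if reasons else "allow"), reasons
```

Logging the returned reasons alongside each decision gives analysts the context needed to tune the thresholds and to investigate denied attempts.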