Adaptive Authentication intelligently identifies malicious attempt based on the defined risk factors and prompt the consumers to complete an additional step to verify their identities
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Adaptive risk based authentication
1. Adaptive/Risk-Based Authentication
Adaptive authentication is a mechanism for sending alerts or prompt
customers to complete a further step(s) to validate their identity when an
authentication request is considered malicious in compliance with the
security policy of your company. It allows users to log in with a username
and password while offering a security layer when a malicious attempt is
made to access the system without any additional authentication barrier.
2. Malicious Attempt Factors
Adaptive Authentication analyzes the user interaction with your application
and intelligently builds a risk profile based on the consumer behavior or your
organization's security policy. The system creates a user. You can define the
risk factors in one of the following ways:
Pre-defined Factors
You can define one or more risk factors based on your business requirements:
User Role: Employees with higher user positions can carry out sensitive
measures in the system; thus you can ask them to take more steps to
authenticate them. Employees with lower user positions pose a lower security
risk and can log into frictionless user experience with usernames and
passwords. Susceptible resource access: Often, when attempting to access a
confidential resources like financial statements, employees may be asked to
perform more authentication measures
Perform sensitive actions: If workers attempt to conduct confidential acts
such as editing or deleting actions for sensitive information, further measures
may be taken to verify their identity.
Location: The employees are trying to login into a system using a public
network instead of the office network.
3. Device: If employees use their personal laptop instead of using a
company-issued laptop.
Dynamic Factors
Most systems build a risk profile based on a consumer's recent interaction
with your applications. The system generally leverages machine learning to
create this profile on the fly. Here are the common risk factors:
Country: The system can trigger actions and notifications if the consumer is
logged in from a different country. e.g., If the consumers travel outside of
their country of residence and try to access the system, some financial
instructions like credit card companies block the access for the consumers to
the system. These companies require you to inform the companies before
leaving the country to whitelist the country for your account in the system.
City: If the consumer has logged in from a different city than he usually logs
in from, it will trigger Adaptive Authentication. Once the consumer
completes the Adaptive Authentication for the new city, the city can be added
to the system for future Logins without the Adaptive Authentication.
Device: The request is flagged as malicious under the Adaptive
Authentication if the user is trying to login from a new computer. When the
user has completed the adaptive authentication for the new device, without
4. Adaptive Authentication it is possible to add a city to the system for future
login.
Browser: The authentication try is considered malicious if the user logged in
from the browser of Chrome and attempts at unexpectedly logging in from
the browser of FIREFOX. When the user completes the Adaptive
Authentication phase, the browser will be listed whitelisting potential
consumer authentication attempts.
Combination of Factors
You can also combine the Pre-defined factors (as mentioned above) and
Dynamic factors to trigger the Adaptive Authentication.
Learn in detail about how adaptive authentication works in this article.