Adaptive Authentication – The Future of Web Authentication

By | August 26, 2018

One of the challenge for today’s IT security professionals is to protect data from unauthorised access. With passwords becoming easily ‘hackable’, organisations are shifting towards Multi Factor Authentication which includes an additional security question, SMS, voice calls etc. The main challenge with Multi Factor Authentication is that one size does not fit all and friction from the users as this affects usability.  To balance between managing risk and user convenience, Adaptive Authentication comes to rescue.

What is Adaptive Authentication ?

Adaptive authentication is a risk based multi-factor authentication technique. It is a method of selecting right authentication factors depending on the user’s risk profile and behaviour.
Some of the parameters that Adaptive authentication should look for accessing risk include:     

Device Fingerprinting

  • New device
  • Type of OS
  • New or infrequently used OS
  • New or infrequently used browser

Geographic Location

  • Blacklisted country
  • New country or city
  • User changed from one country to another in a short time

Network Anomalies

  • IP reputation
  • Tor network
  • Blacklisted IP address
  • New IP address

Time Anomalies

  • Unusual time of day
  • Unusual user movement
  • Access from two distinct locations

Behavioural Anomalies

  • User is accessing something that he has never done before.
  • User logging outside business/regular hours.

MultiFactor Authentication like OTP, biometric can improve security but may not be as user friendly and convenient as the users would like. Adaptive Authentication evaluates each access request and only steps-up the authentication when it finds a logon as a risk. Adaptive authentication adds a layer of security, helping companies protect their data from unauthorised access, while allowing users to access the system without frustrating them. However, adaptive authentication is still at a nascent stage and there is still a lot to be done.

We can say that Multi-Factor Authentication is the present while Adaptive Authentication is the future of secure authentication.

Please feel free to share your thoughts and queries in comment below.

 

Leave a Reply

Your email address will not be published. Required fields are marked *