What Is Adaptive Authentication?
Balancing security needs and customer convenience can be a challenge. The more stringent you make your security controls, the more likely you are to frustrate legitimate customers. Fortunately, adaptive authentication provides the security your business needs while allowing a lighter approach to ensure an optimal user experience (UX).
This blog helps answer some of the questions commonly raised by our customers by using real-life digital banking examples.
What Is Adaptive and Risk-Based Authentication?
Adaptive authentication and risk-based authentication are terms that are commonly used interchangeably. They refer to a cybersecurity approach that enforces certain “levels” of authentication depending on several unique factors. Let’s dig a little deeper and explain some of the basics:
- Authentication — the process of verifying the identity of a customer by confirming or denying the validity to access a system or an application
- Adaptive or risk-based authentication — adjusting the user authorization challenges or requirements based on predefined approaches and factors. For example, if a customer is trying to perform an international money transfer, he or she will most likely have to provide authentication that goes beyond username and password. It is also possible for a bank to offer the opportunity to adapt the authentication method required based on the device the customer uses to offer additional convenience. This could mean authenticating using the mobile device when banking on mobile or vice versa when on a PC.
For the sake of this article, I will be using “adaptive authentication” to represent both terms.
Adaptive authentication uses numerous factors to define security challenges, some of which could include the following:
- The customer who is trying to access those systems
- The specific systems he or she is trying to access and the sensitivity of the information they contain
- Behavioral biometrics, including clicks on a website or taps on a phone, usual typing speed or swipe gestures
- Other factors about the access attempt, such as previous login attempts, device type, location and other special circumstances
How Does It Work?
Adaptive authentication uses machine learning algorithms to analyze customer behavior and its environment. The system then combines this with security policies and protocols to determine if additional authentication is required. Cybersecurity teams can update rules and protocols to provide the right balance of security and accessibility.
When To Use Adaptive Authentication?
Adaptive authentication is ideal for balancing user experience against the need for robust security and data protection. Here are a few use cases as examples:
- Use single factor (password only) authentication to access account balance
- Only ask second authentication factor when using a new device for the first time
- Step up with an additional level of authentication when a series of abnormal factors are detected during a session to prevent fraud
- Do not block unusual transactions in isolation. If the customer environment and biometric behavior indicate that the user is who he or she claims to be, the transaction can be authorized.
How Does Adaptive Authentication Differ From “Regular” Authentication?
Regular authentication typically requires the same authentication method for everyone, regardless of their situation.
In the world of persistent threats this would typically be multi-factor authentication (MFA); however, by implementing adaptive authentication we can remove this hassle, reduce friction and keep customers engaged by taking into account the varying levels of sensitivity of certain data and transactions.
Adaptive authentication can be one of the best ways to secure your sensitive data and systems. Combined with single sign-on and a strong MFA solution, it provides a largely transparent way to authorize users and only challenge them further when necessary, to offer the best possible user experience.
Want to learn more?