Risk Based Authentication
Do you ever seamlessly log in to your favorite banking site or another secure website without issue, only to one day get asked for additional verification in order to log in? Maybe you switched web browsers, devices or networks (e.g. public Wi-Fi), or are attempting to log in from a new location, when the site uncharacteristically asks for multi-factor authentication (MFA). If so, you’ve seen the benefits of risk-based authentication policies. Instead of requiring additional verification steps on every login, risk-based authentication policies allow the site to assess the risk level of each login attempt. If the assessed risk is elevated, the user is challenged further to complete the login. The risk-based policy applies knowledge of your device and behavior to assess the potential risk level of an attempted authentication request.
Risk-based authentication enhances both security and user experience by allowing you to rank the resources you want to protect based on risk level and type of user. This gives you the power to create rules that are unique to the security structure of your organization, enabling more flexibility, or higher protection, only when necessary.
Risk-based authentication takes risk factors into account when making an authentication decision. It goes beyond static authentication, allowing administrators to create rules that modify the authentication behavior. This allows for easier authentication if the risk is low, requiring additional steps to ensure this is the right user if the risk is elevated, and blocking access if the risk is too high — even if the user provided a correct one-time password (OTP). Examples of behavior that could result in a higher-risk authentication:
- Connecting from a new or low-trust network.
- Connecting from a new device.
- The user’s current location.
- The user has not configured an identity confirmation method.
- The user attempts to authenticate using a low assurance device.
- The user exceeds the threshold for unsuccessful login attempts.
- The user uses a temporary token code or fixed passcode.
- An administrator clears a user’s PIN.
- An administrator changes a user’s PIN.
- An administrator marks a token as lost and a user attempts to log on with it.
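The policy described above, as an added example that is not part of the original article or any vendor's product: a small scoring engine turns the listed signals into one of three outcomes (allow, step up, block), with a lost token and a very high score blocking the attempt even when a correct OTP was supplied. The field names, weights and thresholds are assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"        # low risk: the password alone is enough
    STEP_UP = "step_up"    # elevated risk: demand an additional identity confirmation
    BLOCK = "block"        # too risky: deny even when a correct OTP was supplied

@dataclass
class LoginContext:
    new_device: bool = False
    new_network: bool = False
    low_trust_network: bool = False      # e.g. public Wi-Fi
    unusual_location: bool = False
    temporary_passcode: bool = False     # temporary token code or fixed passcode
    pin_reset_by_admin: bool = False     # an administrator cleared or changed the PIN
    failed_attempts: int = 0
    token_marked_lost: bool = False
    has_confirmation_method: bool = True
    otp_valid: bool = False              # the user has already passed an OTP check

# Hypothetical weights and thresholds; a real deployment tunes these per resource.
WEIGHTS = {"new_device": 25, "new_network": 15, "low_trust_network": 20,
           "unusual_location": 20, "temporary_passcode": 20, "pin_reset_by_admin": 15}
FAILED_ATTEMPT_LIMIT = 5     # at or above this, the attempt is treated as hostile
STEP_UP_AT, BLOCK_AT = 30, 70

def risk_score(ctx: LoginContext) -> tuple[int, list[str]]:
    # Add up the weight of every signal present and keep the reasons for the audit log
    reasons = [name for name in WEIGHTS if getattr(ctx, name)]
    score = sum(WEIGHTS[r] for r in reasons)
    if ctx.failed_attempts >= FAILED_ATTEMPT_LIMIT:
        reasons.append("failed_attempts")
        score += 40
    return score, reasons

def decide(ctx: LoginContext) -> Decision:
    # Some signals override the score entirely: a token reported lost is never accepted
    if ctx.token_marked_lost:
        return Decision.BLOCK
    score, _ = risk_score(ctx)
    if score >= BLOCK_AT:            # too risky even if the OTP was correct
        return Decision.BLOCK
    if score >= STEP_UP_AT:
        if ctx.otp_valid:            # the extra step has already been satisfied
            return Decision.ALLOW
        # With no confirmation method enrolled there is nothing to challenge with
        return Decision.STEP_UP if ctx.has_confirmation_method else Decision.BLOCK
    return Decision.ALLOW
```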
The work environment has permanently changed. Remote work and the invisible office have become the new norm. Users are connecting to company resources from varied and unprotected networks. Working hours have become more flexible, so employees could be working from early hours to late evenings. Devices could have been shared with other family members. And this all means attackers will try to exploit this new world of possibilities.
Risk-based authentication is a critical piece of a unified security approach that includes network security, MFA, secure Wi-Fi, and endpoint security. If you are ready to make authentication more seamless and more secure, contact us. We’re here to help.