Most common adaptive authentication factors in use

Adaptive authentication uses several risk factors to evaluate the authenticity and security risks associated with a login attempt. Identifying the origin of a login attempt is critical to any adaptive algorithm. We have already discussed how adaptive authentication analyzes the risks for a login attempt in our blog. Let’s discuss the most common adaptive authentication factors used in identifying the end-user and generating the user’s risk profile and risk score.

Most used adaptive authentication factors for risk management

Adaptive authentication proposes the concept of ‘infinite factors’, which says that the authentication algorithm can use any number of factors to verify the authenticity of a login attempt. That said, each added factor increases friction in the algorithm and uses more resources. The lag in the system will increase with an increase in the number of factors that have to be evaluated for a login attempt. Hence, security providers only focus on the critical and efficient adaptive authentication factors. We will cover some of the most commonly evaluated factors.

Time Anomaly

Activity time varies from user to user. Users typically access the Web or web services in a specific time frame. This window of activity is mostly unique to each user and can be learned to predict when a user is most likely to be active. For example, in the corporate sector, employees will definitely access the services during their working hours. Adaptive authentication algorithms detect unconventional and suspicious behavior in the timing of user activity.

User Behavior

Most attackers try to hack other users through their login credentials. In rare cases, an attacker may gain access to the user’s multi-factor authentication system and break into their accounts. Even then, it is tough to mimic a user’s behavior, mostly because of the complexity of the patterns and routines involved. Adaptive algorithms learn from these patterns to detect anomalous or bot-like behavior and to distinguish a genuine user’s login requests from an attacker’s.

Device Fingerprinting

Each user has access to a limited set of devices, of which they own a few specific devices. Each device has its own unique ID, OS, applications, etc. Users mostly access their services and accounts from these specific devices, and this information is used to build the user’s unique device profile. Hence, any request originating from an unknown device calls for action. The authentication server may step up the security if it is unable to identify the device.

Geolocation

The authentication server locates the end-user and matches that location against the user’s location history. Any login attempt from a new location is most likely to be subjected to further verification. This factor is helpful for restricting access to a limited set of locations. For example, organizations may limit access to their servers to select locations only. In addition, requests from remote or dubious locations may be scrutinized further.

Geo-velocity

Login attempts that could only result from a highly improbable travel event cause suspicion, and such requests are subjected to further authentication or are redirected to safe zones. Let’s say Mark logs into his company’s portal from his home in Houston at 11:00 PM. Three hours later the authentication server receives a request from Mark, and this time he’s logging in from Seattle. Something is definitely suspicious about this request. Depending on other factors, the security may either be stepped up, or the request may be denied entirely.
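The geo-velocity check for Mark’s two logins, as an added example (not code from this blog or from any product it mentions). The speed thresholds, the 50 km noise floor, the city coordinates and the calendar date are assumptions.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
# Assumed thresholds: airliner cruise speed, and faster-than-ground travel.
DENY_KMH, STEP_UP_KMH = 900.0, 500.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def geo_velocity(prev, curr, min_km=50.0):
    """prev and curr are (timestamp, (lat, lon)) for consecutive logins,
    with both timestamps on the same clock.
    Returns (decision, distance_km, implied_speed_kmh)."""
    distance = haversine_km(prev[1], curr[1])
    if distance < min_km:        # within geolocation error of the last login
        return "allow", distance, 0.0
    hours = (curr[0] - prev[0]).total_seconds() / 3600
    if hours <= 0:               # far apart at the same instant
        return "deny", distance, math.inf
    speed = distance / hours
    if speed > DENY_KMH:
        return "deny", distance, speed
    if speed > STEP_UP_KMH:
        return "step_up", distance, speed
    return "allow", distance, speed

# Constructed sample: the scenario above with approximate city coordinates.
HOUSTON, SEATTLE = (29.7604, -95.3698), (47.6062, -122.3321)
HOME_LOGIN = (datetime(2024, 1, 15, 23, 0), HOUSTON)   # 11:00 PM, date assumed
NEXT_LOGIN = (datetime(2024, 1, 16, 2, 0), SEATTLE)    # three hours later

if __name__ == "__main__":
    decision, km, kmh = geo_velocity(HOME_LOGIN, NEXT_LOGIN)
    print(f"{km:.0f} km in 3 h = {kmh:.0f} km/h -> {decision}")
```

In practice the deny threshold would be relaxed or combined with other factors for users behind VPNs or mobile carriers, whose IP-derived location can jump without any travel.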

IP Threat

IP threat detection tools identify the IP address of the authentication request. If a request originates from a blacklisted or malicious IP, it may be denied altogether. This tool may come in handy for organizations that want to limit access to resources to only their own servers or specific IP addresses. A request to such servers from any other source will not even go through.

Shared Intelligence

Shared intelligence is a practice where security providers share information about threats and attacks with each other to successfully identify attacks from similar sources and thwart them easily. Blacklisted devices, IPs, malicious servers, etc. can easily be identified and blocked from gaining access.

The best thing about adaptive authentication is that it is highly customizable. 2FA providers, like REVE Secure, tailor adaptive authentication factors to fit the needs of the organization and adapt to the end-user’s behavior. It can be easily modified for different workflows and groups depending on the type of vulnerabilities. As you know, adaptive authentication works in the background, without the user’s knowledge, so it reduces interruptions and annoyance for the user. It can continually monitor user activity and behavior, learning and protecting from any incoming threats.

Why do we need adaptive 2FA (two factor authentication)?

Two factor authentication (2FA) has helped everyone connected to the internet in keeping their accounts, data, services… safe from attackers. It’s a highly robust security layer, which is extremely hard to crack. The question is, if 2FA is that safe to use, why do we need adaptive 2FA? The answer is simple: better security and accessibility. Let’s justify that answer in this discussion.

Adaptive 2FA

Adaptive authentication is a new security feature that uses machine learning to verify the authenticity of a login before prompting the user for two factor authentication. Let’s break this up. First, from the user’s point of view, adaptive authentication is just an add-on to their 2FA authentication solution. The user will not interact with the adaptive authentication security layer directly. Second, it uses machine learning. Machine learning uses algorithms to learn patterns in data and make predictions based on that data. This gives machines (processors) the ability to decide. Third, the veracity of the login attempt is confirmed on the service provider’s end. This process checks, against various patterns learned from the account owner, whether the login attempt is valid and secure.

New authentication factors lead traditional methods towards deprecation.

Choosing the authentication factors

Two factor authentication adds complexity to the login process. Each additional authentication factor added to the login process (3FA, multi-factor authentication, etc.) introduces inefficiency. Adaptive authentication strengthens the security of a user’s account without adding any complexity to the login process. Utmost attention is paid while choosing the authentication factors. Too many authentication factors may ultimately slow down the authentication process and make it cumbersome. A balance is maintained between security and usability by adding only the most significant factors, like login time, device used for access, IP at which the login originated, geolocation, and security of the communication channel. A user’s behaviour is recorded and analysed based on these authentication factors to create the user’s risk profile. The machine learning algorithms adapt to the user’s risk profile and tendencies to develop an effective mechanism for verifying the veracity of the login attempt.

Effortless security for users

Identity management gets easier with the use of adaptive authentication, both for the end-user and the enterprise. The user will not have to be bothered with different authentication layers. Instead, the entire process of authentication will be swift and easy. Enterprises will not have to dedicate security personnel to verify the reliability of a login attempt, saving both resources and time. Also, machines are fast. The entire adaptive 2FA process executes in the background with negligible time delay. In most cases, the user will not even be aware of the verification that has taken place.

Efficacy and Usability

Adaptive authentication can verify several factors associated with the login attempt before the user gets to 2FA. Not only this, adaptive authentication can even allow a user to bypass 2FA based on the veracity of the login attempt. For example, when not in the office, Max always uses his personal mobile device to log in to his work account. Before implementation of adaptive authentication, each time Max tried to log in, he was subjected to two factor authentication. But a few days after adaptive authentication was implemented on his company’s server, Max stopped getting 2FA requests and could log in through user ID and password alone. Through adaptive authentication the server knows that it is Max who is trying to access his account from the same mobile device he’s used in the past. Isn’t it easier? And it’s just through a single factor. The adaptive authentication algorithms use a number of factors and complex statistics to build user profiles.
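How a risk profile built from the factors listed under “Choosing the authentication factors” can let Max skip 2FA while stepping up or denying other attempts, as an added example (not the page’s or any vendor’s code). It swaps machine learning for fixed weights; the weights, thresholds, device names, login history and documentation-range IP addresses are all assumptions.

```python
import ipaddress
from collections import Counter

# Assumed weights and thresholds; fixed here, learned or tuned in a real system.
WEIGHTS = {"time": 25, "device": 35, "ip": 100}
STEP_UP_AT, DENY_AT = 30, 100
# Constructed blocklist using a documentation-only range (RFC 5737).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]

class RiskProfile:
    def __init__(self):
        self.hours = Counter()    # hour of day -> number of past logins
        self.devices = Counter()  # device fingerprint -> number of past logins

    def record(self, hour, device_id):
        self.hours[hour] += 1
        self.devices[device_id] += 1

    def unusual_hour(self, hour, min_share=0.05):
        total = sum(self.hours.values())
        # Include neighbouring hours so a 09:00 habit also covers 10:00.
        near = sum(self.hours[(hour + d) % 24] for d in (-1, 0, 1))
        return total == 0 or near / total < min_share

    def unknown_device(self, device_id, min_seen=3):
        return self.devices[device_id] < min_seen

def assess(profile, hour, device_id, ip):
    """Return (decision, score, factors that fired) for one login attempt."""
    addr = ipaddress.ip_address(ip)
    hits = {"time": profile.unusual_hour(hour),
            "device": profile.unknown_device(device_id),
            "ip": any(addr in net for net in BLOCKLIST)}
    fired = [name for name, hit in hits.items() if hit]
    score = sum(WEIGHTS[name] for name in fired)
    if score >= DENY_AT:
        return "deny", score, fired
    if score >= STEP_UP_AT:
        return "step_up_2fa", score, fired
    return "password_only", score, fired

# Constructed history: ten evening logins from one phone.
MAX_PROFILE = RiskProfile()
for _hour in (19, 20, 20, 21, 20, 19, 21, 20, 20, 19):
    MAX_PROFILE.record(_hour, "max-phone")

if __name__ == "__main__":
    print(assess(MAX_PROFILE, 20, "max-phone", "198.51.100.7"))
    print(assess(MAX_PROFILE, 3, "unknown-pc", "198.51.100.7"))
```

Calling `record` after each verified login is what keeps the profile current, so a new device stops triggering step-up once it has been seen often enough.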

Dynamic and (per the name) Adaptive

The processes and algorithms involved in adaptive 2FA are dynamic. They keep building and updating the user risk profile. At each attempt, along with verifying the authenticity of the login attempt, the login pattern is analysed and recorded. The entire process of learning, analysing, and authenticating is dynamic in approach and adaptive to the situation. The algorithms learn from and adapt to the login conditions. For high risk profiles or questionable login circumstances, more authentication factors may be incorporated.

Adaptive authentication can even identify malicious users and malicious bots trying to gain access to a user’s account through hacked or stolen passwords and deny them authentication altogether. Any malicious user will not even get to the two factor authentication.

Adaptive authentication is a hidden layer of security that verifies the veracity of the login attempt through machine learning. It is simple, secure, efficient, and above all dynamic. It uses a large range of inputs and factors to build a user’s risk profile to facilitate authentication. It reinforces the security of an account without adding any extra verification steps for the user.