In our previous blogs, we discussed what is adaptive authentication , the need for adaptive two factor authentication, and how it works. With all the talk about adaptive authentication security and adaptability, adaptive authentication security layer proves to be a formidable. But, does it benefit organizations in reducing the number of attacks? Is it worth adding another complex technology to intricate security measures that are already in practice? What are the advantages of adaptive authentication?
Using Risk Profiles
Each end-user has a risk profile. This risk profile is compiled through machine learning. The adaptive authentication security algorithm learns from the end-users habits and behaviors, time of login, location history, IP address of the login request, and many more factors. The number of factors that are evaluated or analyzed depends on the needs of the organization. They can be tailored to fit the tolerance of the end-user or the regulatory requirements. These risk profiles are used as a standard while evaluating a user’s login, and they’re updated with each login attempt.
Using Risk Scores for Authentication
Adaptive authentication security algorithms use risk scores generated from the evaluation of variables and factors associated with a login. The factors used in generating risk scores may vary depending on the service provider. Each risk score is weighed against the user’s risk profile by the risk engine. The policy management server uses the outcomes of the evaluation to decide the course of action to be taken. Based on the results and security risks accompanying the login attempt, it may take any of the three actions:
- Step-up authentication for a high-risk login: employ additional authentication on the login request, ask the end-user to authenticate further, e.g. if the attempt originated from an unknown device or location
- Step-down authentication for low-risk requests: allow the user to bypass any additional authentication, e.g. if the attempt was made from a registered device from the same location and time it is always accessed from
- Deny login for critical requests: for login requests that have extremely high security risks, the adaptive authentication security service may deny the login request altogether to keep the account safe. E.g. if the login request originates from a malicious IP, or from a location that is quite impossible for the owner to be present at, the login request may be denied or put to further scrutiny
Advantages of Adaptive Authentication towards Security and Usability
Apart from its typical use, based on the risk score of the login, end-user’s access to resources may be controlled. Infinite factors can be put towards authentication, and because the evaluation takes place on the authentication server, there is no loss of resources or time on the user’s end. The risk score can be further used to limit access to information and resources available to the end-user for that specific login. The major benefit of adaptive authentication is that a single algorithm can be used to fulfill the security requirements of a large number of users and organizations.
Once adaptive authentication security is employed on a login server and the risk factors are defined for the login, the need to monitor or control logins and access to resources is greatly diminished. Adaptive authentication algorithms can learn both through supervised and unsupervised learning. A strong adaptive algorithm will deliver a foolproof security to the login process.
A single factor of authentication cannot fit all users and provide the same level of security for each of them. Adding more factors in a multi factor authentication process increases the friction and complexity of the entire system. Only through tailoring and modifying the authentication factors for each user can a balance between security and usability be maintained and adaptive authentication does a good job at delivering both.