Adaptive Authentication: Can it Offer Security Without the Irritation?

Understanding Cyber Threats

Cyber threats are an ever-present concern for organizations seeking to protect their assets. To address this issue, a growing number of companies are testing cutting-edge, adaptive forms of authentication that recognize patterns in keystrokes, typing patterns, mouse movements, or even gait. These extra authentication factors help organizations like enterprises, banks, and hospitals guard their most valuable assets and avoid the user irritation sometimes associated with multi-factor authentication requests.

How Does Adaptive Authentication Work?

Adaptive authentication verifies a user by scoring their reliability based on factors like IP address, geo-location, and time of day. Adaptive authentication products build a baseline of normal behaviors from a legitimate user’s patterns and then notice anomalies. An unusual pattern is flagged as a potential account takeover, and the access system can then log the user out, prompt a multi-factor authentication request, or reduce in-session privileges.

Adaptive technology combines a rule-based approach with advanced analytics and artificial intelligence, or machine learning. Machine learning can figure out how users work, when they access different types of data, and what data they are trying to access. It learns behaviors and can determine how users do what they do when they do it.

Comparing MFA and Adaptive Authentication

While the arrival of Multi-Factor Authentication (MFA) is surely welcomed by security professionals, contextual authentication brings verification without the continued MFA requests like checking your email or texts—an attractive feature, perhaps, for users that want to log in and get going. With adaptive authentication, MFA is not required for every login; only those users with a high-risk score are asked for additional authentication factors.

User Perceptions and Adoption

Customers are demanding more frictionless authentication. A seamless approach free of multiple requests to prove users are who they appear to be. As more companies choose adaptive options, employees may need to get used to technology learning things like their typing patterns or keystroke pressure. That kind of surveillance could be "justifiably perceived as creepy."

Adaptive authentication is still in an early phase of adoption, and deployers will have to prepare employees for the system’s potentially surprising grasp of their behaviors. Clear explanation of the technology and how user data is protected will help users understand the benefits and alleviate concerns.

Conclusion

Companies are always looking for ways to stay ahead of cyber threats, and adaptive authentication offers a promising approach to improve security and user experience.

Source: itbrew