The Quick Guide To Risk-Based Scoring for Multi-Factor Authentication

Opret en gratis Insights-profil hos Ingeniøren og få direkte og nem adgang til whitepapers, webinarer og e-magasiner.
Når du tilgår dette materiale, accepterer du, at sponsoren af materialet kan kontakte dig på din oplyste e-mailadresse og telefonnummer med markedsføring af ydelser, der relaterer sig til emnet, som materialet omhandler.

Most organizations understand the importance of Multi-Factor Authentication (MFA) to securely log into any system or application. Simply providing a username and password is no longer considered secure, so MFA prompts the user for an additional factor to verify identity. This additional factor might be a One Time Password (OTP), an SMS text message, or an email. However, some of these delivery mechanisms for authentication can be hijacked. Hackers are getting better everyday at breaching accounts.

To move beyond traditional MFA, Identity and Access Management vendors, like OneLogin, have developed Adaptive Authentication methods that use contextual data from user behavioral analysis to determine if a login attempt is legitimate or high risk. This analysis is done by a risk engine that leverages Artificial Intelligence, like OneLogin’s Vigilance AITM.

OneLogin’s Vigilance AI, the key component to OneLogin’s Adaptive Authentication product called SmartFactorTM, creates user behavioral profiles based on user login activity, their typical habits, and their login context information. The risk engine can then generate a risk score by comparing a user’s current login activity to their past behaviors.

Based on this risk score, the system can be configured to prompt the user for additional authentication factors for a high risk attempt, remove authentication factors for a low risk attempt, or completely cut the user off from access all together if the login attempt is deemed very high risk.