(also risk-based authentication)
Adaptive authentication definition
Adaptive authentication is an authentication method or system that organizations use to verify user identity and authorization levels. It verifies user identity and authorization levels based on factors like device status, location, and end-user behavior. By using those factors, the system decides how a user must authenticate and prove their identities. Adaptive authentication is done by creating separate profiles for each user. The profile includes the user’s registered devices, geographical location, role, and more. Each user profile gets a specific risk profile, and the risk profile is used to determine the complexity of the authentication challenge.
Adaptive authentication types
- Email notification. If a user requests authentication, an email is sent to the organization, with the option of approving or denying it. If the user did not send the authentication request or if the request seems malicious, it can be rejected and the necessary actions taken.
- SMS notification. This type is often used for making payments online via a credit or debit card. An SMS notification is sent with a code that confirms the purchase, and if the purchase (authentication) wasn’t requested, it can be reported to the bank, preventing someone from using the card without approval.
- Blocking access. If certain risk criteria are met while a user requests authentication, the user account will be immediately blocked, and won’t be able to attempt to log in again.