If data really is the “new oil”, then we need to manage the risk of an oil spill. The personal information that we store online has become a prime target for hackers, and usernames and passwords are no longer enough to protect it. Fortunately, we now have risk-based authentication solutions that allow us to identify risky login attempts and better secure our data.
What Is Risk-Based Authentication?
Risk-based authentication uses real-time intelligence to gain a holistic view of the context behind each login. When a user attempts to sign in, a risk-based authentication solution analyzes factors such as their device, location, and network. It then calculates a risk rating based on these contextual elements, and can decide to allow the user access, prompt them to submit another authentication factor, or deny access altogether.
Say someone unexpectedly knocks on your door late at night. You might be hesitant to open it at first, but then your friend calls you from outside. Recognizing their voice, you’d be more inclined to open the door and let them in. A risk-based authentication solution works in much the same way. If a user attempts to log in with a device that is unknown to the system, it will not allow access until the user has further verified their identity with an additional factor.
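The scoring-and-decision flow described above, sketched as an added example (not Okta's code and not part of the original article). The signal weights, thresholds, flagged network, and all class and function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: weights, thresholds and networks are assumptions,
# not values taken from any product.
FLAGGED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
WEIGHTS = {"new_device": 40, "new_country": 30, "flagged_ip": 50}
STEP_UP_AT, DENY_AT = 30, 80

@dataclass
class UserProfile:
    """Context the system has already seen and verified for this user."""
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)

@dataclass
class LoginAttempt:
    device_id: str
    country: str
    ip: str

def risk_signals(profile, attempt):
    """Return the names of the contextual signals that fired for this login."""
    signals = []
    if attempt.device_id not in profile.known_devices:
        signals.append("new_device")
    if attempt.country not in profile.known_countries:
        signals.append("new_country")
    addr = ipaddress.ip_address(attempt.ip)
    if any(addr in net for net in FLAGGED_NETS):
        signals.append("flagged_ip")
    return signals

def decide(profile, attempt):
    """Map the summed risk score to 'allow', 'step_up' or 'deny'."""
    signals = risk_signals(profile, attempt)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        return "deny", score, signals
    if score >= STEP_UP_AT:
        return "step_up", score, signals
    return "allow", score, signals

def record_verified_login(profile, attempt):
    """Call only after the extra factor succeeds, so the context becomes known."""
    profile.known_devices.add(attempt.device_id)
    profile.known_countries.add(attempt.country)
```

Returning the fired signals alongside the score lets the decision be logged and audited, and updating the profile only after a successful step-up keeps an unverified device from becoming trusted.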
Identify and Protect Against Risk with Contextual Access Management
Keeping in mind some popular models of risk-based authentication, here are some key capabilities to look for in any risk-based authentication solution:
- Access to real-time threat data to identify potential security hazards
- Analytics of the user’s context, including their device, location, and network connection
- Ability to have users enter extra authentication factors to prove their identities in risky scenarios
- Configuration policies that allow admins to set up authentication procedures that are more secure than entering passwords
Implement Risk-Based Authentication with Okta
Okta’s Adaptive Multi-Factor Authentication (Adaptive MFA) analyzes the user’s context at login time. After the user tries to sign in, Adaptive MFA assigns a risk score to the attempt based on contextual cues such as their location, device, and IP address. Based on the risk rating, the solution can deny access or prompt the user to submit an additional authentication factor to guard against potential breaches.
Pairing it with Okta ThreatInsight gives you an even stronger risk assessment tool, as ThreatInsight analyzes data from a wealth of sources to uncover risks that could otherwise have caused trouble. It can, for example, assign a higher risk rating to IP addresses that don’t seem suspicious but have been flagged as suspicious on Okta’s network. ThreatInsight also makes it possible to phase out passwords entirely, with just three simple steps:
- A username is entered at login.
- ThreatInsight analyzes the context of this particular login and assesses the risk.
- If the user has tried to gain access in a low-risk environment, they can just tap an Okta Verify push notification to do so.
Unlike passwords, risk-based authentication tells you everything you need to know about the user, and makes it easier for the right people to gain the right levels of access.