Understanding Adaptive Authentication and How It Works
Use adaptive authentication, and you'll ask for different credentials depending on the risks posed by each visit.
In traditional authentication systems, you ask all of your users to do one or two things each time they visit, such as typing in a password or submitting a fingerprint. Adaptive access lets you add or remove complexities depending on who your user is, where that user is, or what the user is trying to do.
Adaptive access control is delivered by specialized software, and you must pay for it. But the expense is worthwhile.
In 2020, a data breach cost companies an average of $3.86 million. The money you invest in security could keep you from paying for damage control.
What is adaptive authentication?
If you use adaptive access control, your visitors will encounter a computer program before they can log in. That program assesses the risks in each visit (based on criteria you define) and adjusts authentication requirements accordingly.
When we think about systems like this, we immediately contemplate programs that make access harder. For example, we imagine programs that require a retina scan before users can do something important like transfer funds.
But adaptive access control can also make simple tasks easier to complete. If you’re simply trying to look at your personal calendar, for example, you could skip several security hoops. Given that a third of us admit to so-called “password rage,” simplifications like this could be welcome.
Balancing security and usability is also key to keeping your employees happy with their workplace technology.
How adaptive access works
Adaptive programs work like access gatekeepers. Users must interact with them before they can tap into your servers.
Every program is different. But here's a quick rundown of how most work:
- Highlight dangers. Outline the risks by user role, location, time of day, and resource requested. Give each user a profile, so the program can learn how these people typically interact with your system.
- Determine baseline rules. Define the lowest authentication method you'll accept and stratify risks accordingly. Tell the program how you'd like to handle each scenario.
- Turn on the program. Each time a user tries to log in, the program evaluates the request and assesses risk. Authentication processes adapt accordingly.
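The three steps above can be sketched as a small risk-scoring policy. This is an added illustration, not code from any adaptive-authentication product; the resource names, risk weights, thresholds, sample cities and the `assess` function are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time

# All names, weights and thresholds below are constructed for illustration.
PASSWORD, MFA, DENY = "password", "password+second-factor", "deny"

# Step 1: outline risk by resource and by which roles may request it.
RESOURCE_RISK = {"calendar": 0, "accounting-server": 2, "funds-transfer": 4}
ROLE_RESOURCES = {"accountant": {"calendar", "accounting-server", "funds-transfer"}}

@dataclass
class Profile:
    """What the program has learned about how a user typically behaves."""
    role: str
    usual_cities: frozenset
    usual_hours: tuple  # (start, end) as datetime.time values

# Step 2: the baseline is the lowest method accepted; higher scores step up.
def required_auth(score):
    if score >= 7:
        return DENY
    if score >= 3:
        return MFA
    return PASSWORD

def in_usual_hours(at, hours):
    start, end = hours
    if start <= end:
        return start <= at <= end
    return at >= start or at <= end  # window that crosses midnight

# Step 3: evaluate every login request against profile and policy.
def assess(profile, city, at, resource):
    allowed = ROLE_RESOURCES.get(profile.role, set())
    if resource not in allowed or resource not in RESOURCE_RISK:
        return DENY, ["resource not permitted or not classified"]  # fail closed
    score, reasons = RESOURCE_RISK[resource], []
    if city not in profile.usual_cities:
        score += 3
        reasons.append("unfamiliar location")
    if not in_usual_hours(at, profile.usual_hours):
        score += 2
        reasons.append("outside usual hours")
    return required_auth(score), reasons

if __name__ == "__main__":
    user = Profile("accountant", frozenset({"Sacramento"}), (time(8), time(18)))
    for city, at, res in [("Sacramento", time(10), "calendar"),
                          ("Sacramento", time(10), "funds-transfer"),
                          ("Lisbon", time(3), "accounting-server")]:
        print(city, at, res, "->", assess(user, city, at, res))
```

Returning the reasons alongside the decision gives the audit log a record of why a login was stepped up or refused.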
3 examples of adaptive access control
Let’s imagine an accountant named Mike. He's based in Sacramento, and he's worked for your company for 10 years. Let's walk through what his experience of adaptive authentication might look like.
Scenario 1
Mike's profile attempts to log in to the accounting server a