Authentication is undoubtedly one of the most crucial aspects of cybersecurity today, but our understanding of how to verify users and their actions has been largely unchanged for decades. It always works the same: the user provides something they know (password), have (ID), or are (fingerprint) and if this input matches what the system knows about the user, a session is initiated with the user's privileges. The resurgence of continuous authentication in the security conversation signals a perspective change in our industry: From authentication as an event, back to authentication as a process. The world is changing quickly; wearables, smart devices, and laptops have profoundly impacted the way we work. Today’s knowledge worker frequently switches between and share devices with coworkers and family. Also, what we do has changed. We are using many different interlinked accounts and services all at the same time. This makes organisations vulnerable to three attack.