Proximity authentication is a technology that logs a person in to or out of applications, devices, or other resources, using distance as a key measurement and as the basis for enforcing policies. It requires the user to have a secondary device (e.g. smartphone, wearable) near the primary device or resource to authenticate successfully.
Like continuous authentication, proximity authentication is a step on the journey toward making security invisible to the user, though continuous authentication's key policies are risk-based rather than proximity-based. Proximity authentication is by definition passwordless. It is passive: it uses the architectures, features, and communication protocols of the primary and secondary devices to carry out the authentication.
Proximity authentication can be part of a multi-factor authentication (MFA) solution by using distance for perfunctory access but adding an active component such as a prompt for a user biometric for more privileged access. See Step-Up Authentication.
Here is a sample of communication protocols that are being used for proximity authentication use cases:
Radio-frequency identification (RFID) / Near-Field Communication (NFC) is primarily used for physical access.
Bluetooth or Bluetooth Low Energy (BLE) is mainly used for short-range authentication or physical access. There are open questions about the security and integrity of Bluetooth for proximity authentication.
A device connected to a local area network (LAN) displays that a user is present at a particular location.
This is used to assess a user’s location and allow or disallow access based on such.
“At work we have a mobile-initiated authentication system, or phone-as-a-token. Our smartphones give us access into the building, elevators, entryways, desktops, and all resources via SSO. One additional security feature of our system uses proximity authentication to ensure that when we are 30 feet away from company resources, it logs us out of them.”
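An added example, not part of the original entry or any product's code: a small Python policy check that combines the step-up rule described above (distance alone for perfunctory access, a biometric prompt for privileged access) with the 30-foot logout from the quoted scenario. The `Reading` type, the 5-second staleness limit and the fail-closed handling of missing or malformed readings are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

LOGOUT_DISTANCE_FT = 30.0  # from the quoted example on this page
MAX_READING_AGE_S = 5.0    # assumption: older readings no longer prove presence

class Decision(Enum):
    DENY = "deny"          # not in proximity: no access, end any session
    ALLOW = "allow"        # proximity alone is sufficient
    STEP_UP = "step_up"    # in proximity, but a biometric prompt is required

@dataclass
class Reading:
    distance_ft: float     # distance estimate for the secondary device
    age_s: float           # seconds since the estimate was taken

def in_proximity(reading: Optional[Reading]) -> bool:
    """Fail closed: missing, stale, negative or NaN readings count as absent."""
    if reading is None or not (0.0 <= reading.age_s <= MAX_READING_AGE_S):
        return False
    return 0.0 <= reading.distance_ft < LOGOUT_DISTANCE_FT

def decide(reading: Optional[Reading], privileged: bool,
           biometric_ok: bool = False) -> Decision:
    """Distance gates perfunctory access; privileged access adds an active factor."""
    if not in_proximity(reading):
        return Decision.DENY
    if privileged and not biometric_ok:
        return Decision.STEP_UP
    return Decision.ALLOW

def replay(timeline: List[Optional[Reading]]) -> List[Tuple[int, str]]:
    """Turn a sequence of readings into login/logout events for one session."""
    events, logged_in = [], False
    for i, reading in enumerate(timeline):
        present = in_proximity(reading)
        if present != logged_in:
            events.append((i, "login" if present else "logout"))
            logged_in = present
    return events

# Constructed sample: user arrives, walks away, signal is lost, user returns.
SAMPLE = [Reading(45.0, 1.0), Reading(12.0, 1.0), Reading(29.9, 1.0),
          Reading(30.0, 1.0), None, Reading(8.0, 9.0), Reading(8.0, 0.5)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A biometric result never overrides a failed proximity check here: `decide` evaluates distance first, so a stale or missing reading denies access even when `biometric_ok` is true.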