security

encyclopedia

risk-based authentication

Risk-based authentication is a form of verifying a user as they log in, scoring them against a set of policies that grant or deny access to resources based on the perceived hazards of doing so.

Risk based authentication attempts to “score” a user logging into a computer system, often using a number of factors including IP, Geo-Location, unique device identifiers, time, and location, among other characteristics to determine a “risk score.”

Based on the score the authentication system may ask for additional factors such as a biometric or a one-time-pin. Modern risk-based authentication uses a variety of contextual information and machine learning to generate a user score and prompt the user for various types of authentication.

Example:

“Our banking application sees an increased risk when users login overseas, so we prompt them for additional authenticators based on the risk score generated by their behavior.”

Risk-Based User Login Demo:

Image:

fido_authentication
hypr_trial_ad
hypr_trial_ad