Risk-based authentication is a form of verifying a user as they log in, scoring them against a set of policies that grant or deny access to resources based on the perceived hazards of doing so.
Risk based authentication attempts to “score” a user logging into a computer system, often using a number of factors including IP, Geo-Location, unique device identifiers, time, and location, among other characteristics to determine a “risk score.”
Based on the score the authentication system may ask for additional factors such as a biometric or a one-time-pin. Modern risk-based authentication uses a variety of contextual information and machine learning to generate a user score and prompt the user for various types of authentication.
“Our banking application sees an increased risk when users login overseas, so we prompt them for additional authenticators based on the risk score generated by their behavior.”