Risk-based authentication is a form of verifying a user as they log in, scoring them against a set of policies that grant or deny access to resources based on the perceived hazards of doing so.
Risk based authentication attempts to "score" a user logging into a computer system, often using a number of factors including IP, Geo-Location, unique device identifiers, time, and location, among other characteristics to determine a "risk score."
Based on the score the authentication system may ask for additional factors such as a biometric or a one-time-pin. Modern risk-based authentication uses a variety of contextual information and machine learning to generate a user score and prompt the user for various types of authentication.
Example:
"Our banking application sees an increased risk when users login overseas, so we prompt them for additional authenticators based on the risk score generated by their behavior."
Risk-Based User Login Demo:
Image:
