Step-Up Authentication is used to re-authenticate users or to add extra layers of security when they try to execute sensitive functions in a software application or service. This concept is traditionally used when individuals are accessing sensitive data, gating certain functionality in a product, or in the event a user’s session with the software is stale.
Step-up authentication methods at times add more friction than less secure methods. They are therefore used to map security critical functions to additional steps of verification in order to protect the user or organization whose application they’re using.
Methods have historically included SMS based verification, hard tokens, soft tokens, and FIDO certified authenticators that provide a higher level of security than a traditional username and password.
"We have users of our consumer banking app log into the app with their default, native biometric to view account information but to move funds, they are prompted for their PIN. With this use of step-up authentication, we're protect us — and them — at the moment when a more critical task is wanted."