Risk Based Adaptive Authentication

Risk-Based Authentication, or Adaptive Authentication, is a feature through which the risk context of a user’s login attempt is analyzed according to the user’s login pattern, location, device, etc. If a certain risk threshold is exceeded, the application challenges the user with another set of authentication questions such as challenge/response, captcha, software token, etc.
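The scoring-and-threshold flow described above, as an added example that is not from the original post or from any of the products it names. The signal names, weights, thresholds and the mapping from score to challenge type are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical weights and thresholds; a real deployment tunes these.
WEIGHTS = {"new_device": 40, "new_country": 30, "unusual_hour": 15, "recent_failures": 15}
STEP_UP_THRESHOLD = 30   # score at or above this triggers a challenge
STRONG_THRESHOLD = 60    # score at or above this requires the stronger challenge

@dataclass
class UserProfile:       # what the service has learned from past logins
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    usual_hours: tuple = (7, 22)   # [start, end) hour of day

@dataclass
class LoginAttempt:
    device_id: str
    country: str
    timestamp: datetime
    failed_attempts_last_hour: int = 0

def risk_signals(profile, attempt):
    """Return the names of the risk signals this attempt triggers."""
    start, end = profile.usual_hours
    checks = {
        "new_device": attempt.device_id not in profile.known_devices,
        "new_country": attempt.country not in profile.known_countries,
        "unusual_hour": not (start <= attempt.timestamp.hour < end),
        "recent_failures": attempt.failed_attempts_last_hour >= 3,
    }
    return [name for name, fired in checks.items() if fired]

def evaluate(profile, attempt):
    """Return (challenge, score, signals); challenge is None when no step-up is needed."""
    signals = risk_signals(profile, attempt)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= STRONG_THRESHOLD:
        challenge = "software_token"
    elif score >= STEP_UP_THRESHOLD:
        challenge = "challenge_response"
    else:
        challenge = None
    return challenge, score, signals

# Constructed sample data, not taken from any real system.
PROFILE = UserProfile({"laptop-01"}, {"IN"})
ROUTINE = LoginAttempt("laptop-01", "IN", datetime(2024, 3, 4, 10, 15))
TRAVEL = LoginAttempt("laptop-01", "DE", datetime(2024, 3, 4, 10, 15))
SUSPECT = LoginAttempt("phone-99", "BR", datetime(2024, 3, 4, 3, 5), failed_attempts_last_hour=4)
```

Returning the triggered signals alongside the score lets the decision be logged and audited, which matters when users dispute a challenge or when thresholds are retuned.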

Of late, this has become one of the most sought-after features in any software’s identity and access management requirements. Some of the products that offer this feature are:

  1. Okta Adaptive Multi-Factor Authentication
  2. RSA Adaptive authentication
  3. Duo Security
  4. Ping
  5. SecureAuth, etc.

This feature is a very good step-up protective measure that one may want to use while developing an application. Any thoughts?