Risk-Based Authentication (RBA), also known as Adaptive Authentication, adapts the stringency of authentication processes based on the likelihood that access to a given system could result in its being compromised. RBA uses a scoring system where a risk score is developed for each log-in attempt, and then this score is weighed against the allowable risk threshold for a given system.
Risk-Based Authentication includes a software token element composed of a number of factors, including network information, user information, positive device identification (i.e. device forensics, user pattern analysis, and user binding), user profiling, and high-risk Challenge/Response Questions.
How Risk-Based Authentication Works With RapidIdentity MFA
RapidIdentity MFA manages the generation of the user-based software token and associated user-based profiling. During enrollment, users choose from a list of questions and provide answers to their selections. The answers are then encrypted and stored in the RapidIdentity Server.
With RapidIdentity MFA, Risk-Based Authentication is implemented during operating system and application access. The user logs on using username and password, and then RapidIdentity MFA assesses the level of risk associated with the logon event. If the risk threshold is triggered, RapidIdentity MFA locks the system, and the user must either log in with a stronger form of authentication or correctly answer one or more challenge questions. Once validated, the user is permitted access to the operating system or application.
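The score-versus-threshold decision described above, sketched as an added example that is not RapidIdentity MFA's own implementation. The signal names, weights, threshold values and sample data are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical weight per risk signal; a real deployment tunes these values.
WEIGHTS = {"unknown_network": 30, "unknown_device": 40,
           "unusual_hour": 15, "recent_failures": 15}

@dataclass
class UserProfile:
    known_networks: list   # CIDR ranges seen during normal use
    known_devices: set     # device identifiers bound to the user
    usual_hours: range     # local hours of typical logons

@dataclass
class LogonEvent:
    source_ip: str
    device_id: str
    hour: int
    failed_attempts: int = 0

def risk_score(event, profile):
    """Return (score, reasons) for one logon attempt; higher means riskier."""
    reasons = []
    ip = ipaddress.ip_address(event.source_ip)
    if not any(ip in ipaddress.ip_network(n) for n in profile.known_networks):
        reasons.append("unknown_network")
    if event.device_id not in profile.known_devices:
        reasons.append("unknown_device")
    if event.hour not in profile.usual_hours:
        reasons.append("unusual_hour")
    if event.failed_attempts >= 3:
        reasons.append("recent_failures")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(event, profile, threshold):
    """Runs after the password check: allow, or lock and require step-up
    (stronger authentication or challenge questions)."""
    score, reasons = risk_score(event, profile)
    action = "step_up" if score >= threshold else "allow"
    return {"action": action, "score": score, "reasons": reasons}

# Constructed sample data (not from any real system).
PROFILE = UserProfile(["10.20.0.0/16"], {"laptop-7f3a"}, range(7, 19))
USUAL = LogonEvent("10.20.4.18", "laptop-7f3a", 9)
ODD = LogonEvent("203.0.113.50", "tablet-0000", 2)

if __name__ == "__main__":
    for ev in (USUAL, ODD):
        print(ev.source_ip, decide(ev, PROFILE, threshold=50))
```

Lowering `threshold` makes the same logon event trigger step-up sooner, which is how the adjustable risk threshold trades convenience against security.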
Risk-Based Authentication Benefits
- Balances convenience and security
- Risk threshold can be adjusted based on how your company defines risk
- Can be used as a fallback to other authentication methods
- Lower cost than other forms of strong authentication
- Complies with CJIS Security Policy