Identity and access management has to be a top priority in any security
strategy. Managing identity and access to secure accounts has never been more
important for organizations. Employees now have hundreds of accounts to manage,
and with the rise of SaaS applications for business processes, each account can
hold vast quantities of sensitive company and customer data.
and passwords alone are not strong enough verification methods to protect this
data. This is especially true when many employees use weak and insecure
passwords. Couple this with a rise in phishing attacks that aim to steal
account details, and you have a recipe for businesses needing to implement much
stronger security on their accounts. For many businesses, this has meant
implementing multifactor authentication (MFA) across their accounts.
But in recent years, a new form of multi-factor authentication, ‘Adaptive Authentication’, has become increasingly integrated with identity and access management platforms. Many vendors have argued that adaptive authentication is the best approach to protecting accounts and ensuring that data can only be accessed by the right users.
Businesses considering implementing MFA for their accounts may be wondering if
adaptive authentication is the best approach to securing their accounts, or if
two-factor authentication is enough. In this article we’ll explore these
issues, how authentication works, the benefits of both multi-factor and
adaptive authentication, and what the best identity management approach is to
protect your users and data.
What is Multi-Factor Authentication and Why Is It Important?
Multi-Factor Authentication is a security system that verifies your identity
when you log into accounts. There are a few different ways of achieving this,
but it basically means that to log into your account you need to have something
you know, something you possess or something you are.
This can cover a range of different authentication methods. One popular choice is requiring users to install an authentication app, which generates a secure code that allows them to verify their identity. Another is using a biometric security method, such as TouchID or FaceID on smartphone devices, to verify identities.
Two-factor authentication (2FA) is a method of multifactor authentication which requires an extra step when logging into accounts. Two-factor authentication requires users to have one extra piece of additional knowledge rather than just relying on a password. This is often something simple, like a password from an app (something you have) or a fingerprint read (something you are), which makes it easy for users to get access. Importantly, the ‘factors’ involved will stay the same for each login attempt.
Security Factors for Authentication
| Something You Know | Something You Possess | Something You Are (Biometrics) |
|---|---|---|
| Passwords | Text Message Code | Fingerprint/Thumbprint |
| PIN Number | Code From an Authenticator App | Face Scan |
| Answer to a Security Question | Security Tokens | Iris Scanning |
this, 2FA is the most common way for businesses to implement multifactor
authentication. It adds an extra layer of security that isn’t too cumbersome
for users who simply need to get access to their accounts. Sometimes users are
given the option to set their devices as being ‘trustworthy’ which means that
any further login attempts on that device (with the right username and
password) don’t require any additional identity verification.
of adding multi-factor authentication is that accounts become much more secure.
Passwords can often be easily guessed or stolen, and multifactor authentication
means that attackers are far less likely to be able to access an account. It’s
highly unlikely that the typical cyber-criminal will have access to your
smartphone, or your SIM card, as well as a username and password.
Security vendors have come to argue that two-factor authentication on its own
lacks ‘flexibility and intelligence’, giving users two basic options of having
to authenticate their identity each time, or not at all. Neither of which, it
is argued, strikes the balance between strong security and a convenient user
What is Adaptive Authentication?
Adaptive Authentication is a flexible method of deploying 2FA or MFA that allows
different security ‘factors’ to be used depending on a user’s risk factors and
tendencies. Adaptive Authentication platforms mean that the right
authentication factors are used for the right users, adapting the type of
authentication to the scenario.
This means that the right level of authentication is applied to the right
users. For low risk users, this means that when they log into an account, they
may just have to use 2FA with an SMS code sent to their phone. But for high
risk users, they would need to use a biometric scan to log into the same
account. This improves security by making sure that high risk users and
accounts have the right level of adaptable, flexible security.
Adaptive Authentication is far more intelligent than traditional MFA. It can respond to
the device that login attempts are made from, the IP address and the location
of login attempts, so that it can identify when a login attempt is high-risk,
and therefore implement stronger authentication controls.
How does Adaptive Authentication Work?
The main purpose of adaptive authentication is to adapt the security measures on the account to the risk-level of the user. User risk levels are governed in three ways:
1) Behavioral Learning
Over time, Adaptive Authentication solutions learn the typical behaviors of individual users to determine what their normal range of behaviors is. This includes learning the usual resources users access, and their normal locations, IP addresses, times and devices used for logins. This means that the security measures in place can adapt over time.
For example, if someone who normally logs in to an account in their office in London suddenly tries logging in from an unknown IP address in Colorado, the Adaptive Authentication will register this as being a potential account compromise attempt, and ask for multiple methods of verification.
2) Granular Admin Policies
Adaptive Authentication platforms provide granular admin policies that allow security teams to define risk levels based on the role, location, time, account or resource being accessed and more. This control is a major benefit over traditional 2FA and MFA.
3) Behavioral Learning and Granular Admin Policies
Adaptive Authentication solutions will combine behavioral learning with
granular admin policies to create a mixture of dynamic policies that are fine-tuned
to each user, and static policies that are guaranteed to protect important
accounts and high-risk employees.
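A minimal sketch of how a learned per-user baseline and a static admin policy can be combined into one step-up decision. This is an added example, not code from the article or from any vendor's product; the signal weights, score thresholds, role names and factor lists are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

LEVELS = ["low", "medium", "high"]
# Assumed mapping of risk level to required factors (constructed for this example).
FACTORS = {
    "low": ["password", "sms_code"],
    "medium": ["password", "authenticator_code"],
    "high": ["password", "authenticator_code", "biometric"],
}
# Static admin policy: minimum level per role, whatever the behavior looks like.
ROLE_FLOOR = {"employee": "low", "finance": "medium", "admin": "high"}
# Weight added when a login signal was never seen before for this user.
WEIGHTS = {"country": 3, "network": 2, "device": 2, "hour": 1}
# Constructed sample events using documentation IP ranges, not real data.
OFFICE = {"country": "GB", "ip": "192.0.2.10", "device": "laptop-1", "hour": 9}
UNUSUAL = {"country": "US", "ip": "198.51.100.7", "device": "laptop-1", "hour": 9}

def signals(login):
    """Reduce a login event to the signals the baseline tracks."""
    net = login["ip"].rsplit(".", 1)[0]  # IPv4 /24 prefix
    return {"country": login["country"], "network": net,
            "device": login["device"], "hour": login["hour"]}

@dataclass
class Baseline:
    """Per-user behavior learned from past successful logins."""
    seen: dict = field(default_factory=lambda: {k: set() for k in WEIGHTS})

    def learn(self, login):
        for name, value in signals(login).items():
            self.seen[name].add(value)

    def score(self, login):
        if not any(self.seen.values()):
            return sum(WEIGHTS.values())  # no history yet: treat as unknown
        return sum(WEIGHTS[n] for n, v in signals(login).items()
                   if v not in self.seen[n])

def required_factors(baseline, role, login):
    """Combine the dynamic (behavioral) level with the static role floor."""
    s = baseline.score(login)
    dynamic = "high" if s >= 4 else "medium" if s >= 2 else "low"
    floor = ROLE_FLOOR.get(role, "high")  # unknown role: fail closed
    level = max(dynamic, floor, key=LEVELS.index)
    return level, FACTORS[level]

if __name__ == "__main__":
    b = Baseline()
    b.learn(OFFICE)
    print(required_factors(b, "employee", OFFICE))
    print(required_factors(b, "employee", UNUSUAL))
```

The role floor can only raise the level, so a routine login by an `admin` still gets the strongest factors, while an anomalous login by a regular employee is stepped up by the behavioral score alone.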
Is Adaptive Authentication the Best Authentication Approach?
Adaptive Authentication has many benefits over traditional MFA. MFA and 2FA have been described as a ‘one-size-fits-all’ approach, in that low-risk, routine events still require authentication, while high-risk events don’t have any additional security measures in place.
Adaptive Authentication solves this by ensuring that routine low-risk logins are streamlined and
simplified to save users time, while high-risk logins have extra layers of
security in place to protect accounts and data.
Adaptive Authentication represents a more intelligent approach to identity
management, using behaviors to better manage ease of access to our accounts, without
compromising on the security measures that are so crucial to protect data.
It is important to note that Adaptive Authentication isn’t perfect, and having MFA or
2FA in place is still a strong step in implementing security measures,
especially if there are no extra layers of account security at all.
Many vendors suggest that Adaptive Authentication is the best method to protect your accounts and users. This infographic from Identity Management vendor LastPass details 10 reasons why you need Adaptive Authentication over 2FA:
Adaptive Authentication provides a more intelligent approach to managing identity and access. By using a mixture of behavioral analytics and granular admin policies, Adaptive Authentication provides a security approach that enhances the user experience. It makes low-risk accounts easier to access, while making high-risk accounts and users much more secure.
Organizations implement Adaptive Authentication as part of a holistic Identity
and Access Management solution. This normally combines Business Password
Management, Adaptive Multifactor Authentication and Single Sign-On across all
of their business accounts.
If you want to find out more about Adaptive Authentication, you can read customer reviews of all of the top MFA solutions