What is Risk Based Authentication

The security steps taken by airports aren't constant; the airport assesses the threat level and responds accordingly. As the threat risk increases, so do the additional security steps. We often notice them as these extra steps create additional friction for us at the airport. We put up with the increased friction because we still want to be able to fly. In an environment of low risk, the airport can relax security, enhancing the flying experience whilst maintaining a secure airport.

The same should be true with authentication; having CAPTCHA enabled on your login screen helps to prevent password spraying and stuffing but creates additional friction for your users. You only want to enable this enhanced security when under attack. How do you know you are under attack? Traditionally you could monitor CPU, network load and alert on spikes in activity. However, hackers are getting smarter; they now fly under the radar using low-velocity attacks, which do not result in network or CPU activity spikes. To detect suspicious activity now, you need a more sophisticated solution that looks at trends over time.

Rock Solid Knowledge's Risk Based Authentication (RBA) component monitors logins, looks for suspicious behaviour, and computes a threat level. How your application responds to the threat level is up to you, it could be as simple as at a medium level or above, you force all users to use CAPTCHA; this then disables the attack allowing the threat level to return to low and removing the need for CAPTCHA. Or perhaps at a high level, you force 2FA even if the user has requested to remember their device.

Risk-based authentication hits the sweet spot of creating additional friction for users only when under possible attack, keeping users safe whilst maintaining the lowest possible security friction.

Contact us today to learn more about how RBA could be applied to your login experience.