It's referred to by many names: risk-based authentication, adaptive authentication, context-based authentication. But they all mean the same thing: the password is not enough. Contextual authentication's key feature is a dynamic risk assessment that has the final say in the authorization decision.
While password-based multi-factor authentication (MFA) provides more assurance of user identity, it is not a foolproof method. Hackers can intercept one-time passwords and log in quite easily as the user. Context-based access adds a layer of protection above and beyond password-based MFA. In conjunction with a secure passwordless approach, context-based authentication eliminates the vulnerabilities associated with passwords, while giving companies the option to layer on dynamic access controls when risk justifies the need for additional verification.
What is context-based authentication?
Context-based authentication factors in other variables, such as user behavior, the device used, and geographical location, and controls access based on this information. A risk score is formulated, with access dependent on that score. This is far different from traditional authentication, which bases the access decision solely on possession of the correct credentials.
Risk score-based authentication will deny access if the user isn't compliant with the company's security policies, and it is far more likely to respond effectively to novel threats that traditional authentication methods might miss.
Using context and removing the insecure password from the authentication process all but eliminates unauthorized access, in turn lessening the likelihood of a data breach. Password-based MFA isn't enough: organizations small and large need an access management solution that can adapt to the ever-changing threat landscape.
Context-based authentication user access scenarios
To illustrate the benefits of contextual authentication, we've come up with four examples from industries where incorporating context into access management protects both the organization and its customers.
Financial technology (fintech)
The fintech industry has much to lose if attackers break in: they are tasked with keeping their customers' data and money safe and adhering to compliance standards. Certainty of identity is vital. The financial industry was one of the first to adopt MFA, and we think it should be one of the first to adopt context-based authentication widely.
A customer attempting to log into their stock trading app may be logging in from an unrecognized device. Traditional authentication methods may "verify" identity by sending an email or code to a registered device. How do you know that either of those methods will reach the intended recipient?
Contextual authentication handles an unknown device login differently. When the customer attempts to log in, the authentication platform looks for anything unusual, not just the device itself. Is the user logging in from a location or at a time that seems unusual? Is the device jailbroken or rooted? Does the device have a biometric or PIN lock enabled? Context-based authentication asks these types of questions and can respond accordingly, whether that's denying access or prompting for additional biometric verification.
Like fintech, eCommerce websites must also protect themselves as they store highly personal financial data on their customers. Some identity theft incidents trace their origins back to data breaches on eCommerce websites, and these breaches are extremely costly to organizations. It's not unusual for companies to spend millions in mitigation efforts to deal with them.
Context-based authentication is a perfect method to protect eCommerce websites from the types of security vulnerabilities that can be used against them. It looks for unusual activity in the access request and automatically takes appropriate action. Take, for example, an account attempting to make a purchase in your online store. You and your customer have a vested interest in ensuring that the transaction is legit.
Contextual authentication ensures that the activity and any transactions are legitimate at every step. Maybe a customer makes an unusually large purchase at an odd time. Context-based authentication will spot the unusual activity.
Authentication in the travel industry is challenging. Using context like location will not be especially helpful, as your customers may be on the move. This also means they may access your applications from insecure access points, like public Wi-Fi networks. So how do you ensure that the person is who they say they are? With these factors in play, it isn't easy.
Context-based authentication can help here. If a customer is attempting to accomplish a higher risk activity, such as changing their itinerary or adding other users to their account, context-based authentication will prompt for additional verification.
Password-based MFA wouldn't be able to provide you with that same level of certainty.
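As an added worked example (not Beyond Identity's code or product logic), here is a small policy engine that asks the context questions from the fintech scenario above and applies the step-up for higher-risk actions from the travel scenario. The signal weights, thresholds, action sensitivities and the sample user profile are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed, illustrative weights: assumptions for this example only,
# not thresholds taken from any product or standard.
SIGNAL_WEIGHTS = {
    "unknown_device": 30,        # device not previously enrolled by this user
    "unusual_location": 25,      # country outside the user's usual set
    "unusual_hour": 10,          # login outside the user's usual hours
    "no_device_lock": 20,        # no biometric or PIN protecting the device
    "rooted_or_jailbroken": 50,  # OS integrity compromised
}
# Sensitivity of the requested action (the travel-industry step-up case).
ACTION_RISK = {"view": 0, "purchase": 15, "change_itinerary": 30, "add_account_user": 40}

@dataclass(frozen=True)
class LoginContext:
    device_id: str
    country: str
    hour: int          # 0-23, in the user's local time
    device_lock: bool  # biometric or PIN enabled on the device
    rooted: bool       # jailbroken / rooted
    action: str = "view"

@dataclass(frozen=True)
class UserProfile:
    known_devices: frozenset
    usual_countries: frozenset
    usual_hours: range

def collect_findings(ctx: LoginContext, profile: UserProfile) -> list:
    """Ask each context question; return the ones that come back 'unusual'."""
    findings = []
    if ctx.device_id not in profile.known_devices:
        findings.append("unknown_device")
    if ctx.country not in profile.usual_countries:
        findings.append("unusual_location")
    if ctx.hour not in profile.usual_hours:
        findings.append("unusual_hour")
    if not ctx.device_lock:
        findings.append("no_device_lock")
    if ctx.rooted:
        findings.append("rooted_or_jailbroken")
    return findings

def risk_score(ctx: LoginContext, profile: UserProfile) -> int:
    # An action name the policy does not know is treated as the most sensitive kind.
    action = ACTION_RISK.get(ctx.action, max(ACTION_RISK.values()))
    return sum(SIGNAL_WEIGHTS[f] for f in collect_findings(ctx, profile)) + action

def decide(ctx: LoginContext, profile: UserProfile, step_up_at=30, deny_at=70) -> str:
    """Return 'allow', 'step_up' (prompt for biometric verification) or 'deny'."""
    if "rooted_or_jailbroken" in collect_findings(ctx, profile):
        return "deny"  # policy choice in this example: never trust a compromised device
    score = risk_score(ctx, profile)
    return "deny" if score >= deny_at else "step_up" if score >= step_up_at else "allow"

# Constructed sample profile: one enrolled phone, logs in from the US during the day.
ALICE = UserProfile(frozenset({"phone-1"}), frozenset({"US"}), range(7, 23))
```

A known device in a usual place scores 0 and is allowed, a first-time device alone reaches the step-up threshold, and a known device asking to change an itinerary is stepped up purely on action sensitivity.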
Context-based authentication is a perfect fit for media companies looking to protect their assets. While paywalls do add substantial friction to the authentication process, producing quality web content is not cheap, so they have become a necessary evil. But that hasn't stopped tech-savvy subscribers from trying to find ways around these security measures.
Risk can rear its ugly head at any time for media companies, but the sharing of login information is a common activity that malicious attackers use to their advantage. People share their media passwords with friends and family all the time, who may be in different cities or even countries. This makes password-based authentication unreliable for ensuring that only authorized users access their subscriptions, because it doesn't account for location at the time of login. Context-based authentication can prompt additional verification for new locations and unknown devices.
Implement context-based authentication with Beyond Identity
While we've mentioned scenarios for the four industries above, all organizations should adopt context-based authentication methods. Beyond Identity's passwordless platform takes less than 20 minutes to deploy and removes the number one attack vector: passwords. With Beyond Identity, logging in is as simple as a click.
Secure Customers works by using immutable credentials backed by private keys that never leave the device. It uses physical biometrics collected by the device itself to serve as another trusted authentication factor in combination with the device credential, satisfying PSD2 Strong Customer Authentication (SCA) compliance requirements. It's passwordless MFA that provides frictionless authentication for customers while dynamically adjusting to real-time user and device risk.
This eliminates the possibility of account takeover fraud without creating barriers and impacting the usability of your application. But the login process isn't the only point where you should be monitoring for potential security issues. By leveraging user and device risk signals collected in real time, it allows applications to make a more informed judgment on whether or not to grant access to sensitive resources throughout the entire user session or give the option for step-up authentication.
Once logged in, Beyond Identity's platform captures granular user and device risk signals in real time, dynamically adjusting access based on those results. And all without the friction of password-based MFA and with far better security than current two-factor authentication.
Demo Secure Customers today
See how Secure Customers can make worries over data breaches and access control a thing of the past while making secure authentication easier than ever before for your end user. Get a demo today.