Adaptive authentication is a term that you may be hearing more and more within the industry. Analysts are talking about it and so are many vendors, but what is it exactly?
Adaptive authentication is a way that two-factor authentication or multi-factor authentication can be configured and deployed. It’s a method for selecting the right authentication factors depending on a user’s risk profile and tendencies - for adapting the type of authentication to the situation.
There are three ways that adaptive authentication can be deployed:
- The system admin can set static policies defining risk levels for different factors, such as user role, resource importance, location, time of day, or day of week.
- The system can learn the typical activities of users based on their tendencies over time. This learned form of adaptive authentication is similar to behavioral correlation.
- A combination of both static and dynamic policies.
Regardless of how you’ve defined your corporate risk levels, adaptive authentication adapts to that risk level, presenting the appropriate level of authentication for the given level of risk. Unlike standard, one-size-fits-all authentication, it avoids making low-risk activities inappropriately burdensome or high-risk activities too easy.
Identity Automation is a proponent of using adaptive authentication policies as part of a broader multi-factor authentication approach. This strategy is the most secure way of managing identities and access for your organization.