Risk-Based Authentication: What’s Context Got to Do With It?


Contributed by Lauren Horaist, Senior Product Marketing Manager, RSA Identity and Data Protection Group

I sometimes find myself making strange comparisons between real life and work life.  One of those stream-of-consciousness moments happened a few weeks ago while I was driving home in a snowstorm. 

I was minding my business driving along my normal route, but because of the road conditions, I was driving much slower than usual.  My mind started wandering – as it tends to do – and one of those strange comparisons came to mind:  Really, cybersecurity and driving aren’t all that different. To stay safe, both online and on the highway, we need to understand our surroundings and adapt accordingly to changing conditions. 

In the dynamic world in which we live, context is everything.  This holds true in the online world, too.  In our everyday lives, we constantly make decisions based on contextual data and potential consequences.  Why shouldn’t our security technologies make decisions in similar, intelligent ways?  

As attackers adapt their methods and continue to steal mass batches of login credentials, static usernames and passwords provide little assurance of the true identity of the user behind the password. As a result, context-aware user authentication has become a necessary weapon in the battle to protect online identities. To be effective in today’s world, our authentication methods must be able to understand the context of a login attempt, analyze that context to determine risk, and adapt requirements accordingly. This is precisely the goal of risk-based authentication.

By learning about a user’s online behavior over time, risk-based authentication technologies are able to establish a baseline of what is normal for any given user. With that baseline, it becomes easier to spot anomalous characteristics that often indicate that an imposter, rather than the true user, is behind the login credentials. In high-risk scenarios, an effective solution should adapt to this atypical context by requiring stronger proof of identity – which an imposter will likely not be able to provide.
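The baseline, risk score and step-up decision described above, as an added sketch that is not code from the author or from RSA. The context factors (device, country, time of day), the weights, the threshold and the login history are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed context factors, weights and threshold: the article names none,
# so these are illustrative policy values, not a vendor's scoring model.
WEIGHTS = {"device": 0.4, "country": 0.4, "hour_band": 0.2}
STEP_UP_THRESHOLD = 0.5

def context(device, country, hour):
    """Normalise raw login attributes into the factors being profiled."""
    band = "night" if hour < 6 else "day" if hour < 18 else "evening"
    return {"device": device, "country": country, "hour_band": band}

class Baseline:
    """Per-user record of how often each factor value has been seen."""
    def __init__(self):
        self.counts = {f: Counter() for f in WEIGHTS}
        self.total = 0

    def learn(self, ctx):
        for f in WEIGHTS:
            self.counts[f][ctx[f]] += 1
        self.total += 1

    def risk(self, ctx):
        """0.0 = matches every past login, 1.0 = nothing seen before."""
        if self.total == 0:
            return 1.0  # no history yet: nothing to compare against
        score = sum(w * (1 - self.counts[f][ctx[f]] / self.total)
                    for f, w in WEIGHTS.items())
        return round(score, 3)

def authenticate(baseline, ctx, step_up_ok=False):
    """Password already verified; decide whether more proof is required.

    Only logins that end up trusted update the baseline, so a failed
    step-up by an imposter cannot teach the profile the imposter's context.
    """
    if baseline.risk(ctx) < STEP_UP_THRESHOLD:
        decision = "allow"
    else:
        decision = "allow_after_step_up" if step_up_ok else "step_up_failed"
    if decision != "step_up_failed":
        baseline.learn(ctx)
    return decision

def sample_baseline():
    """Constructed history: 8 daytime laptop logins, 2 evening phone logins."""
    b = Baseline()
    for _ in range(8):
        b.learn(context("laptop-1", "US", 10))
    for _ in range(2):
        b.learn(context("phone-1", "US", 20))
    return b
```

With this constructed history, the user's usual laptop and their less-used phone both score below the threshold, while the same laptop appearing from a country never seen before scores above it and triggers the request for stronger proof.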

By analyzing a variety of factors beyond just a simple username and password, context-aware risk-based authentication technologies can help organizations more effectively protect against fraudulent and unauthorized access attempts. 

With so much sensitive personal, financial, and company data available via the web, static approaches to identity protection just don’t cut it anymore.  Today’s world demands smarter, adaptable technologies.

Just as new innovations such as collision avoidance help keep our bodies safe on the road, technologies such as risk-based authentication can help keep our identities safe online.

Author: Lauren Horaist

Lauren Horaist is a Senior Product Marketing Manager in the RSA Identity and Trust Management group. Lauren focuses on user authentication and fraud prevention on the mobile platform. Prior to joining RSA in 2011, Lauren worked in channel sales at Packeteer (acquired by Blue Coat), and she later transitioned to marketing upon joining LogRhythm. Lauren holds her BS from the University of Colorado and her MBA from the University of North Carolina, Kenan-Flagler Business School.