Risk-based authentication has a lot going for it. It authenticates securely, teaches security systems how to detect suspicious logins, and its use is fairly intuitive.
It’s not a cybersecurity silver bullet. But with the help of biometrics, risk-based authentication could be the most elegant and secure solutions for safe logins.
You’ve Seen It Before
You’ve probably experienced risk-based authentication before. For example, if you’re logging into a social media account from another country, you may be asked to identify photos of your friends. Additionally, if you’ve ever logged into your bank account from a different device, you may also be asked additional questions.
Here’s what happening when you log in. Based on your location, the device you’re using, and the type of account you’re trying to access, the login system will determine the risk potential of your login attempt. At that point, the system will create login prompts whose difficulty depends on the risk potential of the login attempt.
Does It Work?
Risk-based (also known as “adaptive”) authentication makes logical improvements from older methods of authentication. Theoretically, risk-based authentication does a more accurate job of proving you are who you say you are. It also can make the login process faster and easier by not making you go through the same process for low-security requests as high-security ones.
Risk-based authentication systems also adapt effectively in a way that more conventional ones don’t. Having to determine the risk of each login attempt makes the system get better and better at recognizing which login patterns are normal and which ones should be flagged. This makes the entire security infrastructure more efficient and better at detecting risks.
How Biometrics Fit In
However, there’s a reason that risk-based authentication isn’t used everywhere. It’s partially because it’s more complicated to implement than standard password authentication, particularly since machine learning is involved.
The other main reason shouldn’t come as a surprise – namely, that risk-based authentication could involve extra steps, which users tend to reject because it isn’t as quick as a username and password. Too many users are unwilling to take the steps that would make their entire enterprise more secure. Many users are also unwilling to use different passwords for different accounts, and they are allergic to additional or more complex steps in the name of security.
Biometric integration could make the steps for verification even more efficient. For example, if a user logged in with their username and password and the system determined that this was a high-risk login situation, the user could be asked to verify with facial recognition.
Alternatively, if biometric authentication (such as voice recognition) was one of the initial steps, the second step could be a more secure form of biometric authentication, such as fingerprint recognition. This allows the users to capitalize on the strengths of risk-based and biometric authentication without diluting the power of either.
Silver bullets don’t exist when it comes to cybersecurity. The threats are constantly changing, and there are always people chipping away at the security structures organizations struggled to build. Let’s take a different tack. Let’s fortify our systems based on our current strengths. Let’s bring biometrics and risk-based authentication together to create the systems that will keep us safe.