Adaptive Authentication And Machine Learning

Vindula Jayawardana
Towards Data Science
3 min read · Apr 20, 2017

“We use an analogy: the front door of your house has a handle that is easily turned to go in and out. It has a lock for security,” says Omri Sigelman, co-founder of Nuro Secure Messaging. “The more locks you add, the more effort it requires to open the door.”

Today, ensuring user productivity while preserving high security standards has become a pivotal dual challenge. Although security does not have to hurt usability, work remains to be done to achieve both.

The concept of Adaptive Authentication addresses the complexities that burden traditional frameworks for authentication control and removes hindrances to user productivity. Traditional frameworks are ineffective at incorporating additional risk factors such as location, network type, or operating system into the authentication control process, which makes them more and more outdated.

In a simple explanation, Adaptive Authentication is a way that two-factor authentication or multi-factor authentication can be configured and deployed. It’s a method for selecting the right authentication factors depending on a user’s risk profile and tendencies — for adapting the type of authentication to the situation.

Adaptive Authentication is effective at identifying the risk level associated with a request and presenting the appropriate level of authentication in real-world scenarios. Unlike a “one size fits all” approach, which can have a negative impact on usability, security, efficiency, and compliance, Adaptive Authentication avoids making low-risk activities inappropriately strenuous or high-risk activities too facile.

In a nutshell, this non-static authentication approach uses the profile of the agent requesting access to the system to determine the risk profile associated with that transaction. The risk profile is then used to determine the complexity of the challenge. As mentioned before, this approach adapts to the situation: higher-risk profiles undergo stronger challenges, whereas a static username/password may suffice for lower-risk profiles.

When it comes to implementing Adaptive Authentication in industry, different approaches have been taken to achieve different variants of the process. However, a machine learning based model can be identified as an effective mechanism for the implementation, considering the nature of the problem at hand.
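The flow described above (build a profile, score the transaction, pick the challenge) can be sketched as follows. This is an added example, not code from the article or from any vendor: the smoothed frequency model is a simple stand-in for a machine learning model, `country` stands in for location, and the thresholds, function names and sample logins are all assumed or constructed.

```python
from collections import Counter

FACTORS = ("country", "network", "os")  # risk factors the article names

def build_profile(history):
    """Count how often each factor value appears in a user's past logins."""
    profile = {f: Counter() for f in FACTORS}
    for login in history:
        for f in FACTORS:
            profile[f][login[f]] += 1
    return profile

def risk_score(profile, attempt, alpha=1.0):
    """Mean unfamiliarity (0..1) of the attempt's factors against the profile."""
    n = sum(profile[FACTORS[0]].values())
    if n == 0:
        return 0.5  # no baseline yet: assumed policy is to treat as medium risk
    total = 0.0
    for f in FACTORS:
        counts = profile[f]
        distinct = len(counts) + 1  # reserve probability mass for unseen values
        freq = (counts[attempt[f]] + alpha) / (n + alpha * distinct)
        total += 1.0 - freq  # habitual value -> near 0, unseen value -> near 1
    return total / len(FACTORS)

def choose_challenge(score, mfa_at=0.3, deny_at=0.8):
    """Map the score to a challenge; both thresholds are assumed values."""
    if score >= deny_at:
        return "deny"
    if score >= mfa_at:
        return "password+mfa"
    return "password"

# Constructed sample data: 18 office logins and 2 from home, same laptop.
OFFICE = {"country": "LK", "network": "corporate", "os": "macOS"}
HOME = {"country": "LK", "network": "home", "os": "macOS"}
HISTORY = [OFFICE] * 18 + [HOME] * 2

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    attempts = {
        "usual office login": OFFICE,
        "new country, home network": {**HOME, "country": "DE"},
        "everything unfamiliar": {"country": "DE", "network": "public", "os": "Linux"},
    }
    for label, attempt in attempts.items():
        score = risk_score(profile, attempt)
        print(f"{label}: {score:.2f} -> {choose_challenge(score)}")
```

A user with no login history gets a medium score and therefore an MFA prompt, rather than a score of zero that would let an unknown account through on a password alone.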

OneLogin has taken this approach in pursuit of its motto, “Usability Drives Security”. Its Adaptive Authentication uses machine learning to determine whether to prompt users for multi-factor authentication. It uses a broad range of inputs to calculate risk scores and determine the most appropriate security action for a given situation. Following is an overview of the types of inputs that OneLogin uses in its machine learning based Adaptive Authentication model.

In OneLogin’s Adaptive Authentication model, the following actions are performed based on the resulting risk score.

Through this machine learning based Adaptive Authentication model, OneLogin offers its customers a seamless and secure user experience that can keep up with today’s constantly evolving security risks.

Traditionally, human factors and usability issues were neglected in security research and secure systems development. There has always been a major trade-off between security and usability. However, this tension should not last long in commercial systems, because in the modern era both matter equally. That is why it is becoming a timely necessity for approaches like Adaptive Authentication to step into the field of identity and access management.

References

1. https://www.onelogin.com/product/multi-factor-authentication

2. https://news.hitb.org/content/rsa-updates-adaptive-authentication-solution-advanced-threats

3. https://www.onelogin.com/blog/what-is-adaptive-authentication
