Updated: Aug 31, 2020
Since 63% of confirmed data breaches can be linked to weak, default or stolen passwords, the time has come for businesses to seek more reliable authentication methods. The increasing complexity of the cybersecurity landscape has rendered traditional passwords all but useless, and a nuanced approach to access management is necessary to protect against emerging threats.
Confirming Identity with Context
Contextual authentication takes users’ habits into account when determining whether to grant or deny access. It’s rare for users to deviate from their routines, so behavior patterns tend to be predictable. These patterns provide the context in which it’s “safe” for the system to authorize login attempts. Hackers using stolen credentials will find it difficult to replicate the exact circumstances under which users access their accounts, and contextual authentication enables flagging of unusual behaviors.
High numbers of false positives may be returned with this authentication method if contextual details are lacking. The system can “learn” new patterns over time, but providing comprehensive user profiles during implementation prevents the IT department from being swamped with alerts. When given enough information, contextual authentication monitors users’ sessions in the background and prompts for additional authenticating factors only when deviant behavioral or circumstantial factors are detected.
Adapting with Risk Evaluation
Evaluating risk levels is a key component of contextual authentication and can be invaluable in network environments where different degrees of security are required in common workflows. By taking into account the likelihood a system will be compromised, this authentication method is able to grant access based on the risk involved in specific situations. Circumstances are evaluated and given risk “scores,” which the system uses to determine whether additional credentials are required before allowing users to proceed.
The dynamic nature of a risk-based authentication model makes it possible for systems to adapt to context, evaluate individual access requests and respond appropriately. Businesses can integrate other authentication methods, such as biometrics or one-time passwords (OTPs), to provide extra layers of security. A properly configured system handles the majority of potential threats on its own and doesn’t alert the IT department unless it encounters a serious breach attempt requiring human intervention.
Pinpointing Users with Geolocation
Geolocation provides a significant amount of information about the owner of a device, which can serve as confirmation of identity to authorize a transaction. Businesses may use geolocation to prevent hackers from making purchases using stolen credentials by comparing a user’s delivery address to his or her physical location when placing an order. Geolocation can also detect significant deviations from a user’s normal login location or determine if an authenticating device is in the same location as the individual requesting system access.
The use of geolocation allows for granular access control in organizations handling highly sensitive information. A business may, for example, restrict its employees from logging onto the network only from within specific office locations. This ensures information is never shared over connections business can’t monitor, such as unsecured public Wi-Fi. Access rules may be adjusted to include other areas when employees are traveling or businesses expand into additional locations.
Geolocation isn’t infallible. It requires a strong cellular signal or Wi-Fi connection to work as intended and is no longer a viable authentication method if a device is stolen along with a user’s access credentials or a customer’s credit cards. However, it can provide valuable information when used as part of a broader contextual authentication strategy.
Authenticating with Apps
Equipping users’ devices with authentication apps eliminates the risks of using text messages for two-factor authentication (2FA) and mutli-factor authentication (MFA). Text messages can be hijacked with a SIM attack, in which a hacker diverts a user’s cell phone number to his or her own SIM card. All information meant for the user is then received by the hacker, including authentication codes, PINs and OTPs sent via text messages.
Authentication apps link to users’ accounts and provide unique codes whenever a change in context is detected, such as a login from a new device or an access request made from a remote location. Because the apps operate independently of Wi-Fi and cellular connections, the time-sensitive codes are always available for use.
When hackers attempt to gain account access with stolen credentials, they’re prompted to enter a code from the app. Without the associated device, the login attempt fails. Some apps allow for additional protections, such as PINs or passwords, to prevent hackers from obtaining codes on stolen devices.
Read more of our Blogs at http://www.woodsllp.com