Risk-based authentication (RBA) solutions, also known as adaptive authentication, increase the level of verification required for a user to log in to an account, application or system, depending on the context of the login. RBA tools calculate a risk score for each login attempt in real-time based on contextual factors such as login time, IP address, geolocation, and device type. The higher the risk score, the more likely the login attempt is fraudulent; thus, more levels of verification are required.
An increasing number of data breaches involve the use of lost or stolen credentials, so it’s crucial that you implement further security to ensure that bad actors can’t access your company’s most sensitive data, even if they do crack an employee’s password. RBA is a cost-effective solution to the threat of credential theft, and authentication solutions are generally easy to deploy, configure and maintain. This makes them ideal not only for enterprises that may need to onboard large numbers of employees at once, but also SMBs that often don’t have the resources to implement expensive or complex security solutions.
RBA solutions combine multiple authentication methods to prevent fraudulent account access, and they weave these methods into a seamless login experience that causes as little disruption to the user as possible. For example, a user may attempt to sign in using their credentials, then be prompted to enter a one-time-passcode generated by their authenticator app. To enter that code, they must unlock their smartphone with a PIN or fingerprint scan.
This common workflow verifies the user via the three main types of authentication (something they know, have and are), whilst confirming that the login attempt is coming from a genuine user, in real-time, using a trusted device. When investing in an RBA solution, it’s important that you choose the method of authentication that is the most compatible with your employees (e.g. do they all have smartphones?), and provides the best protection against the threats that they’re facing.
In this article, we’ll explore the top ten risk-based authentication solutions designed to secure your company’s data against credential theft. We’ll look at features such as supported authentication methods, integrated single sign-on (SSO), policy configuration, management and reporting. We’ll also give you some background information on the provider, as well as the type of customer that each solution is most suitable for.