In authentication, risk-based authentication is a non-static authentication system which takes into account the profile (IP address, User-Agent HTTP header, time of access, and so on) of the agent requesting access to the system to determine the risk profile associated with that transaction. The risk profile is then used to determine the complexity of the challenge. Higher risk profiles lead to stronger challenges, whereas a static username/password may suffice for lower-risk profiles. A risk-based implementation allows the application to challenge the user for additional credentials only when the risk level warrants it.
The point is that user validation accuracy is improved without inconveniencing the user, and risk-based authentication is used by major companies.
Criticism
* The system that computes the risk profile has to be diligently maintained and updated as new threats emerge. Improper configuration may lead to unauthorized access.
* The user's connection profile (e.g. IP geolocation, connection type, keystroke dynamics, user behaviour) has to be detected and used to compute the risk profile. Lack of proper detection may lead to unauthorized access.
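The following is an added, self-contained example (not code from the article or from any named vendor) showing the mechanism the opening paragraph describes and the failure mode raised in the second criticism: a login attempt's signals (IP address, User-Agent, time of access) are compared with the user's known profile, summed into a risk score, and the score selects the challenge strength. A signal that could not be detected at all is scored as risk rather than ignored, so a missing signal cannot silently lower the challenge. The signal weights, thresholds, tier names and the sample profile are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional, Set

# Constructed per-user profile of previously seen context (illustrative data, not from the article).
@dataclass
class UserProfile:
    known_ips: Set[str] = field(default_factory=set)
    known_user_agents: Set[str] = field(default_factory=set)
    usual_hours_utc: range = range(7, 20)  # hours 07:00-19:59 UTC count as "usual"


# Signals collected from the request; None means the signal could not be detected.
@dataclass
class LoginContext:
    ip: Optional[str]
    user_agent: Optional[str]
    time_utc: Optional[datetime]


# Assumed weights for each risk signal. A missing signal is scored, never treated as benign.
WEIGHTS = {"new_ip": 40, "new_user_agent": 25, "unusual_hour": 20, "missing_signal": 30}

# Assumed thresholds mapping a score to the challenge the user must pass.
TIERS = [
    (60, "password+otp+manual_review"),  # high risk: strongest challenge plus review
    (30, "password+otp"),                # medium risk: second factor required
    (0, "password"),                     # low risk: static credential is enough
]


def risk_score(profile: UserProfile, ctx: LoginContext) -> int:
    """Sum the weights of every signal that deviates from (or is absent from) the profile."""
    score = 0

    if ctx.ip is None:
        score += WEIGHTS["missing_signal"]
    elif ctx.ip not in profile.known_ips:
        score += WEIGHTS["new_ip"]

    if ctx.user_agent is None:
        score += WEIGHTS["missing_signal"]
    elif ctx.user_agent not in profile.known_user_agents:
        score += WEIGHTS["new_user_agent"]

    if ctx.time_utc is None:
        score += WEIGHTS["missing_signal"]
    elif ctx.time_utc.astimezone(timezone.utc).hour not in profile.usual_hours_utc:
        score += WEIGHTS["unusual_hour"]

    return score


def challenge_for(score: int) -> str:
    """Pick the first tier whose threshold the score reaches (tiers are ordered high to low)."""
    for threshold, challenge in TIERS:
        if score >= threshold:
            return challenge
    return TIERS[-1][1]


def decide(profile: UserProfile, ctx: LoginContext) -> str:
    """Convenience wrapper: score the attempt and return the required challenge."""
    return challenge_for(risk_score(profile, ctx))


def record_success(profile: UserProfile, ctx: LoginContext) -> None:
    """After a successful strong challenge, learn the new context so the profile stays current."""
    if ctx.ip is not None:
        profile.known_ips.add(ctx.ip)
    if ctx.user_agent is not None:
        profile.known_user_agents.add(ctx.user_agent)


if __name__ == "__main__":
    # Constructed sample profile using documentation address ranges.
    alice = UserProfile(known_ips={"198.51.100.7"},
                        known_user_agents={"Mozilla/5.0 (X11; Linux x86_64)"})
    usual = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    night = datetime(2024, 1, 1, 3, 0, tzinfo=timezone.utc)
    print(decide(alice, LoginContext("198.51.100.7", "Mozilla/5.0 (X11; Linux x86_64)", usual)))
    print(decide(alice, LoginContext("203.0.113.9", "Mozilla/5.0 (X11; Linux x86_64)", usual)))
    print(decide(alice, LoginContext("203.0.113.9", "curl/8.0", night)))
    print(decide(alice, LoginContext(None, "Mozilla/5.0 (X11; Linux x86_64)", usual)))
```

The additive scoring is deliberately simple so that the tier boundaries are auditable; in a deployment, the weights and thresholds are exactly the configuration the first criticism says must be maintained as threats change, and `record_success` shows the profile being updated only after the stronger challenge has been passed.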