Risk-based Authentication

Today, strong authentication using two factors is best practice for business applications. However, this measure is often considered to be cumbersome in everyday work.

This is where risk-based authentication (or adaptive authentication) comes in. Instead of stricly enforcing the second factor, Airlock IAM analyzes the context of a login attempt and compares it to previous sessions of the same user. Typically, attributes such as the originating network, geographical location or the browser used are considered. In case Airlock IAM concludes that a login attempt occurs from the user's internal workplace or from his home-office, the second factor may be omitted.

Using the „remember me“ functionality of Airlock IAM, it is possible to remember revisiting users based on a browser cookie. The new feature is very useful for applications requiring an indicative user identity even before authentication took place. In case more trust in the user identity is required later on, e.g., because more sensitive parts are accessed, additional step-up authentication provides the required authentication quality.

Highlights

  • Strong security and usability at the same time
  • Adaptive behavior
  • Flexible authentication policy
  • "Remember me" functionality