Should businesses use adaptive authentication and biometric security?
Cybersecurity is the need of the hour and businesses need to make sure that digital gateways to their systems are protected, whether providing access to customers or employees.
As a customer or an “end-user” on the internet, you might have noticed that some sites, typically those providing you email or banking services, ask you to secure your account using multi-factor authentication.
The reason is that analysis has revealed that a significant proportion of hacks are a result of users being careless about their login credentials.
These sites typically ask you to enter a code that they send to you via a mobile app, a token, or a code generator on your phone.
Sometimes, more advanced digital platforms will require more kinds of authentication like a passphrase, a biometric ID or something similar.
While these security features are becoming more and more common and add an extra layer of security to an account, they hamper the user experience.
Imagine forgetting your (already complicated alpha-numeric) password (with special characters) and then realizing that you don’t have a decent network on your phone – so the PIN doesn’t arrive via SMS on time. And when it finally does, the session has timed out. It has happened to most of us, hasn’t it?
However, what if there was a way to maintain that level of digital security without compromising the experience? There is, with adaptive authentication.
How does adaptive authentication work?
Let’s get to imagining things again. Imagine a world where you go to your desk at home or office, key in your password on your laptop, and are granted access to your mailbox or software instantaneously.
However, if you go on a holiday, the mailbox or software just “finds out” and asks you for extra help authenticating your identity. Wouldn’t that be awesome? That’s exactly how adaptive authentication works.
So long as the user is using the same device, the same network, and is in the same geographic location and accessing the account within usual hours, access is granted instantly. Change one of the variables – and you’ll raise red flags that require more security measures.
What throws up red flags for adaptive authentication?
Varying any of the ordinary variables that contribute to and ordinarily confirm a user’s identity will lead to a red flag.
That was a mouthful, right? Let’s make it simpler.
Say you work in Singapore from 8:00 AM to 6:00 PM SGT and sign into a “product” that is secured using adaptive authentication. You’re not asked for anything other than your password and sign out at the end of the day.
However, you leave your laptop running. In the event of a break-in, if a thief has your credentials for the “product”, he or she could use your device, network, and credentials to attempt to log in.
However, their attempt is likely to be thwarted as the “product” will ask for additional authentication because it knows that it is being accessed at an hour that’s outside of your regular working hours — and not in line with your behavioral patterns.
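The checks described above, written out as an added example (not code from any particular product): each sign-in attempt is compared against the user's usual device, network, location and hours, and any deviation asks for another factor. The field names, device ID, IP ranges and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network

SGT = timezone(timedelta(hours=8))  # Singapore has no DST, so a fixed offset works
UTC = timezone.utc

@dataclass(frozen=True)
class Baseline:
    """What 'usual' looks like for one user (all fields are assumptions)."""
    devices: frozenset
    networks: tuple  # CIDR ranges the user normally signs in from
    countries: frozenset
    start: time
    end: time
    tz: timezone

@dataclass(frozen=True)
class Attempt:
    device: str
    source_ip: str
    country: str
    when: datetime  # must be timezone-aware; any zone is accepted

def red_flags(b: Baseline, a: Attempt) -> list:
    """Name each variable that deviates; hours are judged in the user's timezone."""
    if a.when.tzinfo is None:
        raise ValueError("attempt timestamp must be timezone-aware")
    flags = []
    if a.device not in b.devices:
        flags.append("device")
    if not any(ip_address(a.source_ip) in ip_network(n) for n in b.networks):
        flags.append("network")
    if a.country not in b.countries:
        flags.append("location")
    if not b.start <= a.when.astimezone(b.tz).time() <= b.end:
        flags.append("hours")
    return flags

def decide(b: Baseline, a: Attempt) -> str:
    """Password alone if nothing deviates, otherwise ask for another factor."""
    return "step_up" if red_flags(b, a) else "allow"

# Constructed sample data: the Singapore worker from the text, 8:00-18:00 SGT.
USER = Baseline(frozenset({"laptop-01"}), ("203.0.113.0/24",),
                frozenset({"SG"}), time(8), time(18), SGT)
AT_DESK = Attempt("laptop-01", "203.0.113.20", "SG", datetime(2024, 3, 4, 2, 30, tzinfo=UTC))
BREAK_IN = Attempt("laptop-01", "203.0.113.20", "SG", datetime(2024, 3, 4, 18, 30, tzinfo=UTC))
ON_HOLIDAY = Attempt("laptop-01", "198.51.100.7", "TH", datetime(2024, 3, 4, 3, 0, tzinfo=UTC))
```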
How does biometrics fit in with adaptive authentication?
Okay, this is the exciting part. For the purposes of adaptive authentication, biometrics can be categorized in two different ways.
One, you could have a physical biometric attribute attached to your credentials that can serve as the second layer/factor for authentication of your user profile.
Two, the interesting bit, is having behavioral biometrics run in the background to check if you’re scrolling, moving the mouse’s pointer, and typing in the way you usually do. If you’re not, you should ideally be “kicked out” of the system.
And these behavioral biometrics can be tested each time you’re about to do “something important” within the system – turning this into a continuous authentication feature that transforms both security and user experience at the same time.
So, say you log into your bank account and then leave in a rush and in a split second, someone hypothetically takes your seat – continuous behavioral biometric security is what will prevent that “threat” from transferring funds out of your bank account.
Overall, adaptive authentication with a layer of biometric security is a great way for organizations to secure their critical networks and data. It might take a bit longer to log in sometimes, but users must value the added advantages it brings to the business and its customers.