Risk-based authentication (RBA), also called adaptive authentication, has come of age, and it couldn’t happen fast enough for many corporate security managers. As phishing and account takeovers have blossomed under the pandemic, RBA can become a key technology to protect corporate assets, particularly as remote work is more the rule than the exception.
What is risk-based authentication?
RBA is all about examining “signals,” as the vendors refer to the various observations they make in near-real time as a user moves through the login process or when a customer buys something online. It creates a risk profile of the person or device requesting access to the system. That profile is based on factors or signals including IP geolocation, user behavior, keystroke patterns, and connection type. These factors may change depending on specific threat factors, and this could require ongoing management of risk profiles.
More Stories
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned
In episode 425 of "Smashing Security", Graham reveals how "Call of Duty: WWII" has been weaponised - allowing hackers to...
As Texas floods, so does the internet – with dangerous lies
As Texas reels from devastating floods, conspiracy theorists are hard at work. Read More
Ransomware Attack Stops Nova Scotia Power Meter Readings
Nova Scotia Power revealed that a ransomware attack has prevented meters from sending energy usage data to its systems, impacting...
AiLock ransomware: What you need to know
The AiLock ransomware gang gives its victims just 72 hours to respond and five days to pay up... or else....
Microsoft Patch Tuesday: One Zero-Day and A Potential ‘Wormable’ Flaw
CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO Read More
Yet Another Strava Privacy Leak
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards....