What is adaptive authentication?
Adaptive authentication is a type of multi-factor authentication can be configured and deployed in a way that the identity service provider (IDP) system will select the right multiple authentication factors depending on a user’s risk profile and behavior. Well, it’s also to adapt the type of authentication to the situation.
Adaptive authentication takes a group of variables and develops a risk score, based on rules set by the security team. Each request is evaluated and put through a series of checks until they are either granted or denied access.
Adaptive Authentication can be tailored to each organization’s needs, the employees’ tolerance, and to regulatory requirements. This will allow low risk users to easily login to their corporate applications in a matter of seconds without even knowing they are being given a weighted risk score. On the other hand, if an attacker gets a hold of compromised credentials, it gives the security team a chance at stopping or slowing down the attacker because they will have a higher risk score which will trigger a second factor check.
Geo-location Vs Geo-velocity
Geo-location is the ability of the identity provider to determine the physical location of the device that’s being used by someone attempting to identify themselves. When you connect to such a site, your IP address is checked to determine where the endpoint you are connecting from is physically located.With this information, the service provider can determine if you should be granted access to a particular set of resources based on where you are in the world.
Unlike geo-location, geo-velocity is less concerned with where you are currently located, but rather the distance been your current location and where you last logged in.Since even the fastest modes of transportation can only cover so much distance in a given time; an employee logging in while physically in New York City at 9 am couldn’t then log in from Los Angeles at 11 am Eastern Time — 2 hours later. There’s no method of travel that would let them cover that distance in that little time. It’s much more likely that two different people are attempting to log in, which would indicate either fraud or the sharing of login information — both dangerous to the organization.
Geo-velocity support authentication
“The User Was Home an Hour Ago and Can’t Get Across the Country That Fast.”
Since even the fastest modes of transportation can only cover so much distance in a given time; user logging in while physically in New York City at 9 am couldn’t then log in from Los Angeles at 11 am Eastern Time — 2 hours later. There’s no method of travel that would let them cover that distance in that little time. It’s much more likely that two different people are attempting to log in, which would indicate either fraud or the sharing of login information — both dangerous.
“If someone’s last login location is South Korea, next login location can’t be North Korea.”
Since we all know, it’s forbidden for someone to enter North Korea from South Korea, two consecutive logins can’t be from South Korea and North Korea. For this purpose, a database can be maintained to store specific locations which are having geographical barriers and which are identified as forbidden areas because of terrorism.
“User used to live in Sri Lanka and he migrate to USA 1 year ago, therefore it is suspicious if someone login to the system in Sri Lanka after he logged in USA 2 hours ago”
Even though the user used to login in Sri Lanka, now he is living in USA. Therefore Sri Lanka also should consider when authenticating by geo-velocity for two consecutive logins. For this purpose, it can be maintained a counter to store frequent logins from a particular location with logging time. For a particular period,if number of loggings from that location is below the expected level that location can be removed from user location profile.
As a conclusion,Geo-velocity support adaptive authentication is for limiting access to particular physical locations and ensuring people aren’t traveling faster than the fastest airplanes would allow; fraudulent users can be denied access while legitimate users are then able to log in without disruption, and suspect users are required to provide additional proof of identity.