What Is Continuous Authentication?

Technology users today are spoiled when it comes to the types of devices and the variety of platforms they can use to stay connected to work and social groups. They can access their accounts from anywhere and at any time — as long as they can authenticate their identities.

However, the process of authentication as we know it has remained largely static. The user provides a system with their credentials at the time of access, the system matches it against its database of user data. Then the system provides the user access to the network credentials are successfully validated.

Continuous authentication brings in a new approach to network security. Continuous authentication can help an organization protect itself from “session imposters” who try to take over sessions that are open even after the employee is done using them. It also helps organizations protect their network from credential stuffing attacks and phishing.

Continuous Authentication

In continuous authentication, users are rated based on “authentication scores”, which aim to determine, based on user behavior, if the user is actually who they are claiming to be. With advanced algorithms, which are quickly becoming smart enough to understand human behavior, networks can monitor user behavior to determine a user’s authenticity. No This Is Patrick GIF - Patrick Spongebob Krusty GIFs

For example, in a banking application, if the security solution detects an anomaly in user behavior, it can prompt a logout or request for additional information like a fingerprint or password to ensure that the account is used only by the designated individual.

Continuous authentication has become powerful enough to analyze information from the various sensors of smartphones and other devices to monitor the pressure on the keypad, the amount of time spent on an application, etc.

With certain continuous authentication solutions, organizations can also assign restrictions based on tolerable risk by specifying the minimum confidence score and factors like a user’s location or time of the access request.

When organizations implement a continuous authentication solution, think in terms of acceptable risk and context; certain applications in your network might need lower authentication scores than other, more critical applications.

While planning to deploy a continuous authentication system, it is also important to ensure that the system is compatible with the company’s existing security solution and can cover all the areas of the organization’s network.

This UrIoTNews article is syndicated fromDzone