"Adaptive Multi-Factor Authentication"?
Before we jump into defining "Adaptive Multi-Factor Authentication", it's important to understand why it exists in the first place.
Simply put, most web services depend solely on user IDs and Passwords for access. However, when you consider the billions of stolen credentials and the fact that 62% of all credentials are simply reused from site to site and service to service, it's clear in this day and age, a simple ID & Password alone is no longer secure.
To increase security, additional "factors" are layered into the authentication process to prevent unauthorized users with stolen credentials from accessing applications and data potentially resulting in costly fines to the service provider, bad press, and heartache for the violated user(s). Multi-Factor Authentication (MFA) is simply a method for authenticating a user by requiring two or more "kinds" of evidence. These types of evidence include: 1) Something the user "knows" like an ID, PIN, answer to a personal question, and/or password. 2) Something the user "has" or "has been given" that was not knowable prior to authenticating like a hardware device/token, key FOB or a one time passcode. 3) Something the user "is" such as a finger-print or some other physical bio-metric.
While MFA greatly increases security, asking the user to enter or include additional factors on every login or sensitive transaction is not always ideal, especially when the users are your customers.
This is where "Adaptive Multi-Factor Authentication" (AMFA) comes in.
AMFA invisibly interrogates hundreds of factors, including behaviors, as an extra set of "factors" and evaluates if there is enough of a match with a user's known profile to allow the user to access a site or service without requiring the user to enter any additional factors. This greatly enhances security without changing the user experience. However, when an unauthorized user attempts to gain access with stolen credentials and the additional factors and behaviors normally seen don't line up, the login is prevented and challenged.
aPersona's Adaptive Security Manager is the most cost-effective AMFA solution on the market and allows your application users to experience effortless application security.
Why you should care?
Aside from the fact that all companies should take their customer data security seriously, not having adequate authentication mechanisms in place increases the potential of corporate PII breach risks including:
• LEGAL LIABILITY
– Government Enforcement Action
– Class Actions
– Individual Actions
• REPUTATIONAL EXPOSURE
• BUSINESS CONSEQUENCES
• SEC/SHAREHOLDER ISSUES
• EMPLOYEE/CUSTOMER ISSUES
• TYPICAL BREACH COSTS
– Outside Counsel
– Credit Monitoring
– Security & Technology upgrades
– Defense costs