Increasing security requirements in day-to-day online activities can be a real hassle for today's creatures of habit and are known to spoil the digital experience. Risk-based authentication is a way to make life easier without taking major risks.
A large part of our daily tasks takes place online and the trend is rising. From simple train ticket searches to managing your assets, most actions contain private data that must be protected from prying eyes on the Internet. The technical solution for the providers is straightforward: A combination of encryption, complicated passwords and several authentication factors are highly likely to identify the user as the one he or she claims to be. On the other hand, the convenience gained for the customer by digitizing the service in question dwindles with each additional factor. While we easily understand the need to protect our privacy and data, we still think the login procedures are tedious.
Risk-based authentication aims to alleviate this problem precisely by counting on humans being creatures of habit. Many of us follow a very regular daily routine and even if we deviate from it, we often use the same services at similar times and usually from the same devices. These metrics and a few other factors can then be used to create a profile specifically tailored to the respective user and service. This assigns a value to the risk that the user who logs on is in fact the person they claim to be. For example, if someone logs on to an online service at the usual time, from their usual location with their computer, they could be allowed to simply authenticate themselves with their user name and password. However, if they were to take this action from abroad while using a borrowed device, they would have to confirm their identity with another factor for security.
With a well-designed risk profile and an smart selection of the factors to be considered, no loss of security is to be expected despite the simplification of daily standard procedures — for several reasons:
As with any cat and mouse game, the creators of Trojans and other shady characters will soon be romping around on this playground, but it will be quite some time before they can simulate the peculiarities of the respective victim sufficiently accurately.