Adaptive authentication is a method of authentication used by organisations to accurately verify user identity and authorization levels. It can accomplish both tasks using certain factors such as end-user behaviour, location and device status.
Using these factors, it can choose the method with which the user should prove and authenticate their identities. Adaptive authentication is executed through the creation of separate multiple user profiles. These profiles would include geographical location, registered devices, role, etc.
With these profiles, the user is given a specific risk profile which is in turn used to ascertain just how complex the type of authentication will be.
Types of Adaptive authentication
- Email notification: In this type of authentication, the user sends an email request to the organisation, who holds the rights to reject or accept the request. Rejection can occur if the request seems malicious or spammy.
- SMS notification: This kind comes into use for online payments either through credit or debit cards. The sms notification containing a confirmation code is sent. If the purchase is not one authorised by the user, they can report it to the bank to prevent any further attempts.
- Blocking access: If the user’s request for authentication is unsatisfactory, that is, the specific risk criteria are met, the organisation can proceed to block the account.