Submitted by indraraj.wso2.com on Wed, 12/04/2024 - 00:39
Adaptive Multi-Factor Authentication (MFA)
Guard your business and your users against unauthorized access to your network, applications and sensitive data.
Add an extra layer of protection by requiring users to provide two or more verification factors when logging in.
Try Asgardeo
What is Adaptive MFA?
MFA offers an extra layer of protection against unauthorized access by requiring users to provide two or more verification factors when logging in to a resource. These factors may include something the user knows (such as a username/password or PIN), something the user possesses (such as a USB security key), or a biometric factor (such as a fingerprint or facial scan).
Adaptive MFA adds flexibility and ease of use by adjusting the security requirements for each user login, according to its specific circumstances. For example, an adaptive MFA policy may require additional authentication steps if a user is trying to log in from an unusual location, using an unfamiliar device, or attempting to access a particularly sensitive application.
Adaptive MFA works with a broad range of authentication tools to add security, such as one-time passwords (OTP) through email or SMS, FIDO2-compliant security keys, hardware tokens, WebAuthN for biometric factors, plus a range of third-party options such as authenticator apps, Duo Security, and TypingDNA.
Benefits of Adaptive MFA
Usernames and passwords are an important element of security, but are vulnerable to brute force attacks and theft by cyber criminals. The core benefit of adaptive MFA is that it enhances security by requiring users to identify themselves with more than just a username and password. Using MFA has been shown to reduce account takeovers by up to 99.9%.1
For Internal Workforce
Adaptive MFA provides powerful protection against cybersecurity threats such as phishing or brute force password attacks. Even if an attacker obtains or guesses a user’s credentials, the attack can’t proceed without the additional authentication factors required for login.
For External Consumers and Business Customers
Adaptive MFA helps prevent fraudulent activity by providing greater assurance of the identity of external users before allowing access to important apps or proceeding with sensitive transactions. Adaptive MFA also lets users have greater confidence that their personal information is safe when access to it is well protected.
How Does Adaptive MFA Work?
Validate the First Authentication Factor
When a user attempts to access a resource, the adaptive MFA system will check their first authentication factor (most often a username and password, but it could be something else, such as a passwordless method) before proceeding to the next step.
Evaluate Context and Risk Level
Next, adaptive MFA’s policy engine will consider the specific context of the individual login attempt, such as which resource is being requested, user location, or time since last login, and decide whether additional steps are needed. From this information, adaptive MFA determines risk level.
Approve Access or Step Up Authentication Requirements
Adaptive MFA approves low-risk access requests without any additional authentication, or requires additional factors, as defined by the configurable adaptive MFA policy. This ensures the least friction in the users’ experience, while also enforcing the right level of security.
