Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
What Is Continuous Authentication? | Ping Identity
Identity Fundamentals
What is Identity and Access Management (IAM)?
Identity Providers and Service Providers
Centralized Identity Management
What is Centralized Identity Management?
How Does Centralized Identity Management Work?
Centralized Identity Standards
SAML
OAuth
OpenID Connect (OIDC)
Decentralized Identity Management
What is Decentralized Identity Management?
How Does Decentralized Identity Management Work?
How is Decentralized Identity Different?
Decentralized Identity Standards
Common Terms
Zero Trust Security
Orchestration
Authentication
Authorization
Authorization Methods
User and Account Provisioning
Single Sign-on with a Directory
Dynamic Authorization
Protocols
LDAP
SCIM
WebAuthn
Kerberos
WS-Trust
What Is B2B Identity and Access Management (B2B IAM)
Agentic AI
Key IAM Considerations to Support Agentic AI
AI Agent Classes and Use Cases
IAM Best Practices for AI Agents
Reference Implementations and Patterns
Expand All | Collapse All

What Is Continuous Authentication?

 

Continuous authentication solutions, which re-authenticate users throughout an online session, are designed to be one of the most secure authentication methods available today. 

 

From login to logout, continuous authentication monitors biometric, behavioral, and context-based data in real time to continually confirm the user’s identity and flag anomalies. If the user is idle or the system detects a change to pre-determined user patterns, the account is blocked or the user is forced to re-authenticate. 

 

With continuous authentication, user identity data points can be tracked (sometimes in combination) in real time. The most common data points used today include:

 

  • Behavioral biometrics 

  • Browser activity 

  • Device reputation

  • Geographic device posture

  • IP addresses

  • Mobile sensors

  • Mouse movements 

  • Physiological biometrics

  • Screen swipes on phones, tablets, and touchscreens (including force of touch)

  • Time of access

  • Typing speed and patterns 

 

The above list is not exhaustive; it’s a sampling of the wide variety of behavioral data that can be tracked. 

 

A graphic titled Continuous Authentication Simplified contains 3 boxes 1 Create rich account profiles based on user behavior data points 2 Add continuous monitoring across all platforms anywhere the user is working Salesforce Zoom internal systems etc and 3 Continually evaluate current data points against the norm to make sure no one has hijacked the sessionContinuous Authentication

 

Why Continuous Authentication Is Needed

 

In today’s connected world, we rely on technology for instant access to our highly confidential personal information. We use websites and apps to manage our finances, access healthcare, and track our medical data, and we expect them to be safe and secure. 

 

When we sign into our online accounts, we are often asked to authenticate our identity with a username and password. We may even be required to prove who we are with a second factor, such as facial recognition, a fingerprint, or a Yubi key. While these are effective ways to authenticate users at login, they do not automatically keep users secure through an entire online session. There is no way to ensure the current user is the same user who authenticated themselves when they logged in unless continuous authentication is used.

 

Initial Authentication Alone May Not Be Sufficient

Even the most secure systems can be compromised by outside hackers, careless employees, and malicious insiders (or disgruntled former employees). Performing continuous authentication by monitoring user behavior, biometric information, and context-based data can help reduce these risks.

 

Outside Hackers

Hackers work 24/7 to come up with new ways to impersonate users. They’ve gone beyond attacking at the point of sign-in and are now breaking into accounts after authentication takes place. When continuous authentication is used, it lessens the risk of threats like brute force attacks, social engineering, and phishing. 

 

Careless Employees

Careless behavior by remote or onsite workers can pose a security risk even after they successfully authenticate themselves in company systems. 

 

  • For remote users, risky behavior includes using unsecured connections (at home or at the local coffee shop) and sharing corporate applications or devices with family and friends. 

     

  • For onsite employees, risky behavior includes leaving workstations unlocked and unattended (which can lead to “tailgating”) or sharing access to company resources with unapproved employees (“piggybacking”). 

     

  • For both remote and onsite workers, risky behavior includes unknowingly using compromised passwords from personal accounts for work-related devices or systems.

     

Malicious Insiders

If network systems aren’t secure, disgruntled current or former employees can pose an enormous risk to the entire enterprise. 

 

For example:

 

  • Angry former employees who still have access to sensitive information can use it for personal gain or nefarious reasons. 

  • Current employees can knowingly allow unauthorized internal users to “piggyback” on their session. 

 

Continuous authentication can help identify these risks by monitoring IP addresses, geographic data, and more. 

 

How Continuous Authentication Works

 

Continuous authentication starts with traditional authentication, where users have to provide credentials that prove they are who they say they are.  

 

Behavioral, Biometric, and Context-based Monitoring 

After initial authentication, continuous authentication kicks in. It monitors a user’s behavior to build a rich profile of “normal” behaviors, which are used as the standard to measure future activity. These unique biometric characteristics cannot be spoofed, which makes continuous authentication one of the most secure authentication methods. 

 

Example 1: Natalie

When Natalie signs into her bank's mobile app on her smartphone, the continuous authentication server measures her current behavior to make sure it is consistent against the “standard” data stored in her user profile. 

 

The standard profile data has determined that Natalie:

  • Uses a smartphone with AT&T as the service provider

  • Signs onto the bank’s mobile app between 10 pm and midnight

  • Always logs in with a PIN and has never failed a login

  • Is almost always located in Chicago and is rarely outside of the U.S. 

 

One day, the server notices that Natalie signs into her device from Sweden, 15 minutes after she signed in from Chicago. This anomaly is flagged as abnormal, if not impossible. Based on continuous authentication rules, her account is disconnected and blocked immediately. 

 

Example 2: Olivia 

Olivia’s standard behavior data points have been stored in her user profile on her employer’s network. Similar to Natalie, she logs in at a consistent time every day and has never failed a login attempt. 

 

Suddenly, Olivia attempts to log in at 3 am and fails the first two times. On the third attempt, she types the correct credentials. However, since she failed the first two times, and this is uncharacteristic of her standard behavior, continuous authentication rules require her to re-authenticate with her fingerprint. 

 

Use Continuous Authentication to Protect Your Enterprise

 

Hackers are always looking for new ways to break into secure systems, and many users don’t take cybersecurity seriously, which can compromise their accounts. To counteract these realities, companies can use continuous authentication to monitor user activity from login to logout and deliver strong authentication without active participation from the user. It’s seamless to the user and helps ensure that only approved users get access. 

Related Resources

Capability

   

Start Today

Contact Sales

sales@pingidentity.com

See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.