Continuous authentication solutions, which re-authenticate users throughout an online session, are designed to be one of the most secure authentication methods available today.
From login to logout, continuous authentication monitors biometric, behavioral, and context-based data in real time to continually confirm the user’s identity and flag anomalies. If the user is idle or the system detects a change to pre-determined user patterns, the account is blocked or the user is forced to re-authenticate.
With continuous authentication, user identity data points can be tracked (sometimes in combination) in real time. The most common data points used today include:
Geographic device posture
Screen swipes on phones, tablets, and touchscreens (including force of touch)
Time of access
Typing speed and patterns
The above list is not exhaustive; it’s a sampling of the wide variety of behavioral data that can be tracked.
Why Continuous Authentication Is Needed
In today’s connected world, we rely on technology for instant access to our highly confidential personal information. We use websites and apps to manage our finances, access healthcare, and track our medical data, and we expect them to be safe and secure.
When we sign into our online accounts, we are often asked to authenticate our identity with a username and password. We may even be required to prove who we are with a second factor, such as facial recognition, a fingerprint, or a YubiKey. While these are effective ways to authenticate users at login, they do not automatically keep users secure through an entire online session. There is no way to ensure the current user is the same user who authenticated themselves when they logged in unless continuous authentication is used.
Initial Authentication Alone May Not Be Sufficient
Even the most secure systems can be compromised by outside hackers, careless employees, and malicious insiders (or disgruntled former employees). Performing continuous authentication by monitoring user behavior, biometric information, and context-based data can help reduce these risks.
Hackers work 24/7 to come up with new ways to impersonate users. They’ve gone beyond attacking at the point of sign-in and are now breaking into accounts after authentication takes place. When continuous authentication is used, it lessens the risk of threats like brute force attacks, social engineering, and phishing.
Careless behavior by remote or onsite workers can pose a security risk even after they successfully authenticate themselves in company systems.
For remote users, risky behavior includes using unsecured connections (at home or at the local coffee shop) and sharing corporate applications or devices with family and friends.
For onsite employees, risky behavior includes leaving workstations unlocked and unattended (which can lead to “tailgating”) or sharing access to company resources with unapproved employees (“piggybacking”).
For both remote and onsite workers, risky behavior includes unknowingly using compromised passwords from personal accounts for work-related devices or systems.
If network systems aren’t secure, disgruntled current or former employees can pose an enormous risk to the entire enterprise.
Angry former employees who still have access to sensitive information can use it for personal gain or nefarious reasons.
Current employees can knowingly allow unauthorized internal users to “piggyback” on their session.
Continuous authentication can help identify these risks by monitoring IP addresses, geographic data, and more.
How Continuous Authentication Works
Continuous authentication starts with traditional authentication, where users have to provide credentials that prove they are who they say they are.
Behavioral, Biometric, and Context-based Monitoring
After initial authentication, continuous authentication kicks in. It monitors a user’s behavior to build a rich profile of “normal” behaviors, which are used as the standard to measure future activity. These unique biometric characteristics cannot be spoofed, which makes continuous authentication one of the most secure authentication methods.
Example 1: Natalie
When Natalie signs into her bank's mobile app on her smartphone, the continuous authentication server measures her current behavior to make sure it is consistent with the “standard” data stored in her user profile.
The standard profile data has determined that Natalie:
Uses a smartphone with AT&T as the service provider
Signs onto the bank’s mobile app between 10 pm and midnight
Always logs in with a PIN and has never failed a login
Is almost always located in Chicago and is rarely outside of the U.S.
One day, the server notices that Natalie signs into her device from Sweden, 15 minutes after she signed in from Chicago. This anomaly is flagged as abnormal, if not impossible. Based on continuous authentication rules, her account is disconnected and blocked immediately.
Example 2: Olivia
Olivia’s standard behavior data points have been stored in her user profile on her employer’s network. Similar to Natalie, she logs in at a consistent time every day and has never failed a login attempt.
Suddenly, Olivia attempts to log in at 3 am and fails the first two times. On the third attempt, she types the correct credentials. However, since she failed the first two times, and this is uncharacteristic of her standard behavior, continuous authentication rules require her to re-authenticate with her fingerprint.
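The two scenarios above can be expressed as rules over sign-in events. The sketch below is an added illustration, not code from any product: it blocks on impossible travel (Example 1) and asks for step-up authentication on an unusual hour or unusual failed attempts (Example 2). The class names, thresholds, and coordinates (including Olivia's location) are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional

MAX_KMH = 1000.0   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50.0      # assumed: ignore small jumps caused by geolocation error

@dataclass
class Profile:               # hypothetical stored "standard" behavior
    usual_hours: range       # hours of day the user normally signs in
    usual_failures: int = 0  # failed attempts normally seen before success

@dataclass
class Event:                 # hypothetical sign-in event
    when: datetime
    lat: float
    lon: float
    failures: int = 0

def km_between(a: Event, b: Event) -> float:
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(a.lat), radians(b.lat)
    dlon = radians(b.lon - a.lon)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(profile: Profile, previous: Optional[Event], current: Event) -> str:
    """Return 'block', 'step_up' or 'allow' for the current event."""
    if previous is not None:
        hours = (current.when - previous.when).total_seconds() / 3600
        km = km_between(previous, current)
        # Impossible travel: implied speed exceeds any real journey.
        if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
            return "block"
    odd_hour = current.when.hour not in profile.usual_hours
    if odd_hour or current.failures > profile.usual_failures:
        return "step_up"     # e.g. the fingerprint prompt in Example 2
    return "allow"

# Constructed sample data (times in the user's home time zone).
natalie = Profile(usual_hours=range(22, 24))
chicago = Event(datetime(2024, 5, 1, 22, 30), 41.88, -87.63)
sweden = Event(datetime(2024, 5, 1, 22, 45), 59.33, 18.07)
olivia = Profile(usual_hours=range(8, 10))
office = Event(datetime(2024, 5, 1, 9, 0), 40.71, -74.01)
night = Event(datetime(2024, 5, 2, 3, 0), 40.71, -74.01, failures=2)

if __name__ == "__main__":
    print(decide(natalie, chicago, sweden), decide(olivia, office, night))
```

The travel rule is evaluated first, so a physically impossible location change blocks the session even when the hour and failure count look normal.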
Use Continuous Authentication to Protect Your Enterprise
Hackers are always looking for new ways to break into secure systems, and many users don’t take cybersecurity seriously, which can compromise their accounts. To counteract these realities, companies can use continuous authentication to monitor user activity from login to logout and deliver strong authentication without active participation from the user. It’s seamless to the user and helps ensure that only approved users get access.