SmartFactor Authentication™: Next-Gen Security Your Users Will Love

February 6th, 2020   |     |  product and technology, security & compliance

There is hardly a day that goes by where you don’t come across an article in your news feed about the next big, flashy application of AI that will change the world. Nearly every company in the game, from retail to banking, has already implemented or have plans to implement machine learning technology into their core products and services – and for good reason. The goal: Make quicker, more intelligent decisions to improve user experiences and thereby grow the business.

In the context of identity management, AI has the power to help organizations provide intelligent threat protection, while providing a better experience for end-users.

But how did we get here?

Evolution of authentication

The username and password has been at the center of access since the beginning of the internet. Whether it’s your personal machine or accessing a bank account online, a username and password is almost always required and often the only method used to confirm your identity.

However, hackers exploit the fact that over 70% of employees reuse personal passwords across their corporate applications. Stolen credentials, whether obtained from a data breach or purchased on the dark web, are then used by attackers to log into other applications, increasing their chances of success.

To combat this, users should ideally choose strong, unique passwords for each and every application and never use the same password for corporate and personal accounts. However, in the endless battle to prevent password reuse, tools like multi-factor authentication (MFA) provide an extra layer of security that does not rely solely on passwords to authenticate a user. Instead, users are required to provide additional authentication factors, such as an OTP code or an answer to a security question, in order to verify they are who they say they are.

The problem? Deploying MFA in front of all users and apps may enhance security, but at the expense of user experience. Imagine if every time you return from your desk after getting another cup of coffee, you have to enter your username and password to send a code to your phone before you can access your workspace and get back to what you’re doing.

On top of that, cybercriminals have developed sophisticated methods that can intercept one-time passwords or hijack existing sessions to meet or bypass additional authentication requirements altogether.

Why SmartFactor Authentication is better

Unlike the static rules used by standard MFA tools, SmartFactor Authentication leverages the Vigilance AI™ risk engine, which analyzes a broad range of inputs, such as location, device, and user behavior, to calculate a risk score and determine the most appropriate security action to take for each login attempt.

But wait there’s more…

Smart Flows (configurable login steps)

Select the appropriate login flow for different sets of users based on standard, brute-force, or passwordless needs and streamline logins on mobile devices. For some users, enable a traditional login process like submitting a username and password, followed by MFA. For other users, change the order to prompt MFA before the user even enters their password. This is especially useful for defending against brute-force attacks because hackers can no longer randomly guess username and password combinations without being forced to provide additional authentication factors first.

The passwordless login flow effectively prevents credential stuffing because it eliminates the password completely, enabling authentication via more secure biometric methods like Voice using WebAuthn.

Passwordless login flow

Smart MFA (adjust MFA based on risk threshold)

Everytime a user logs in, the system learns and adapts authentication based on typical patterns of behavior. When behavior is outside the norm, such as logging in from a different location on an unrecognized device, security will be stepped up and the user will be required to provide additional authentication. On the other hand, logins with typical user behavior are prompted with fewer authentication factors or can bypass MFA altogether depending on the level of risk.

Smart Access (deny access for high-risk logins)

In the case that user behavior is extremely outside the norm, restrict access to sensitive applications or deny access to the portal entirely.

Compromised Credential Check (breached credential prevention)

With 7 out of 10 employees reusing passwords across corporate accounts, automatically detect credentials compromised by a third-party data breach during password change and password reset to protect against hackers using stolen credentials.

Conclusion

With cyberattacks on the rise, organizations must look to more intelligent solutions that leverage AI to analyze large volumes of data in real-time so that the business can be more confident that a breach will be detected and eliminated before it occurs. Equally important is ensuring employees have a good experience using applications that are critical to business operations. SmartFactor Authentication does both. Quick and simple login flow for end-users and flexible, strong authentication when you need it.

Want to learn more about how SmartFactor Authentication protects your data from cyberattacks? Check out the press release or visit the SmartFactor Authentication page.

Ariel Zommer, Sr. Product Marketing Specialist
About the Author

Ariel Zommer is a Senior Product Marketing Specialist at OneLogin. Ariel is passionate about cloud technology and how it is transforming the way we work, live, and collaborate every day. Prior to OneLogin, Ariel has held strategic marketing roles at Signifyd, IXYS Corporation, and TIE Kinetix.

View all posts by Ariel Zommer

Ariel Zommer, Sr. Product Marketing Specialist
About the Author

Ariel Zommer is a Senior Product Marketing Specialist at OneLogin. Ariel is passionate about cloud technology and how it is transforming the way we work, live, and collaborate every day. Prior to OneLogin, Ariel has held strategic marketing roles at Signifyd, IXYS Corporation, and TIE Kinetix.

View all posts by Ariel Zommer

Secure all your apps, users, and devices