Multi-factor authentication or MFA is designed to protect your identity by forcing you to enter a second independent security method to determine it’s really you. Yet like every security system, there is a fine-line between usability and safety. That’s why OneLogin rolled out a new version of its mobile MFA tool today that uses machine learning to determine your typical usage patterns and only asks you for a second factor when it determines that it’s absolutely necessary.
OneLogin CEO Thomas Pedersen says most MFA algorithms are rather rigid. If you’re on the network at work, you get asked for a password. If you’re not, you get asked for a second factor, but he says, it should be much more subtle than that, understanding how users access the network.
The new product called Adaptive Authentication is designed to fix that. If you log in regularly from your home on the same laptop, after several times the system will learn that this is a common location and device, and you will be allowed onto the network without a second factor.
Pedersen says many users were tiring of pulling out their cell phones to obtain a second form of authentication when they were logging in regularly from the same location. The tool begins to learn what is a high risk and what is not by looking at things like location, device and so forth and assigning a risk score between 1 and 100. This way, the system will only ask for that second factor when the risk is sufficiently high (however the customer defines that).
We have certainly learned the hard way over the last several years, that passwords alone are not sufficient defense against hacking. MFA is a mechanism to ensure that in addition to your password that you are really you and not someone pretending to be you. It’s a second (or even third) method that puts a much tougher obstacle in front of the hacker with a stolen or guessed password.
Typically, you might be sent a numeric code to your phone via SMS or via an authentication app like OneLogin OTP, which you have to enter to use an application, or you might have to tap a USB security key like a Yubikey to get in.
Whatever the second factor, it tends to be a heck of a lot more secure than a simple password. Still, some users were finding it’s a bit of a pain to pull out their cell phones every time they need to sign into an enterprise app, and this new tool is designed to remove some of the friction of identifying yourself in common situations.