Why Adaptive Authentication Will Kill Off Single Sign-On
Not quite familiar with the new buzzword in Identity and Access Management: adaptive authentication? Learn why adaptive authentication is about to replace traditional single sign-on and multifactor authentication and why you – as either the provider of online services or being responsible for a secure and modern corporate infrastructure – should consider implementing adaptive authentication as soon as possible.
The technology and concept behind identity federation was introduced several years ago, and with it came the birth of “single sign-on.” Today, single sign-on is a popular and frequently used buzzword when it comes to identity federation and Identity and Access Management, and with good reason.We all know how frustrating it is to create and enter new usernames and passwords over and over. From a business perspective, passwords also create a security issue, as many employees develop poor password habits, such as using the same username and password across multiple personal and corporate applications. In the last couple of years, we have experienced an enormous increase in data leaks where login credentials are sold to the highest bidder. These leaks have exposed millions of both private and corporate accounts.
Furthermore, organizations spend an enormous amount of time and resources on administrating and resetting forgotten passwords and accessing various applications while employee productivity is hampered by the amount of time they spend on signing in to systems or resetting forgotten passwords. That is why solutions with single sign-on capabilities – such as Safewhere Identify – have become popular in many types of businesses.
Just to clarify: Single sign-on is a process where users identify themselves once to a central solution, and after a successful authentication, gain access to multiple connected applications with a single username and password and without the need to reauthenticate each time.
With single sign-on, the authentication process is typically the same for all user types and devices with a username/password as the standard authentication method. In some cases, a second authentication factor is demanded for gaining access to more sensitive information.
Single sign-on and multifactor authentication still work perfectly well in some cases, but as single sign-on has hit puberty, a new and more intelligent authentication concept has been born. It has many different names, such as risk-based authentication or contextual authentication, but we prefer using the term adaptive authentication.
So why do we claim that adaptive authentication will kill off single sign-on?
We admit that killing is a bit of a strong statement – but nonetheless…
…If we compare single sign-on with adaptive authentication, there’s a big and radical change in the intelligence of the solution, with adaptive authentication being the clever one.
Adaptive authentication contains single sign-on capabilities, but has the ability to measure the risk level of a user’s login and automatically trigger stronger authentication mechanisms, such as multifactor and biometric authentication, when necessary – and only when necessary. This allows organizations to offer a simple and convenient user experience while maintaining a high level of security to protect data, systems, and applications.
Adaptive authentication can be set up in accordance with the organization’s security and access policy and the risk level of a login can be determined by a lot of different context factors.
Some examples of the business benefits of adaptive authentication
Solves the security challenge of Bring Your Own Device (BYOD):
While BYOD can be a great benefit to organizations, it can also be a major data security risk if not managed correctly.
With adaptive authentication, it is possible to apply strong security rules for private and mobile devices. The solution can differentiate between mobile devices and company laptops and, for example, be set up to always prompt for an additional login factor when users attempt to grant access from mobile devices, or simply don’t provide access from mobile devices at all. Another possibility is to require different levels of authentication, depending on if a user is connected to the corporate network or using a remote network service.
Balances security and usability:
Users want their online experiences to be as simple and convenient as possible and to not be bothered by needlessly complicated authentication processes. Adaptive authentication enables organizations to always apply the most appropriate level of authentication to each single login request. A common example of this is when you log in to your bank’s website just to check your bank account, you only need to provide a username/password, but when you want to transfer money to another bank account, you are prompted for a stronger method of authentication.
This way, adaptive authentication allows organizations to maintain strong data security without compromising the user experience.
Want to learn more about the benefits of adaptive authentication? Visit our website at www.safewhere.com or give us a call at +45 71 99 90 07