Elevated authentication in the enterprise
How corporations are enabling access to high-security apps
15 May, 2015
category: Corporate, Digital ID, Financial, Library
Shifting password authentication off the stack
To date, adaptive authentication has been used behind the scenes to improve the assurance level provided by passwords. But adaptive authentication techniques are broadening in scope and seeing enhancements via big data techniques.
So what’s to stop adaptive authentication from coming out of the shadows to replace passwords for lower assurance applications? In other words, what if identity assurance levels are maintained and usability is improved by replacing password authentication with adaptive authentication?
There could be big usability gains as users are granted application access without an obvious authentication process. But it’s by no means the universal response to all of the challenges in authentication. At the end of the day, stronger technologies – like OTP, smart card and mobile – will be required for high-assurance applications.
The second act
If adaptive authentication techniques become the replacement for passwords, then elevated authentication will see increased usage ride the coat tails of adaptive authentication. As users will inevitably run into high-assurance applications, the initial adaptive authentication will not past muster, and users will be forced to elevate.
In order to support broad consumer use cases, a selection of elevated authentication methods will be required.
Elevated authentication enables enterprises to put other authentication mechanisms in place for access to higher-security information and applications
A little elevation goes a long way
By definition, elevated authentication should be used sparingly. Its usage should be less frequent as compared to a primary authentication method; be it something traditional like a password or more cutting-edge like adaptive. After all, if an enterprise frequently pushes users into elevated authentication events, mutiny awaits.
In these instances, the enterprise is better off turning the elevated authentication method into the primary method. Doing so will improve usability by reducing the number of user authentications and potentially confusing application interactions.
The wrap up
One size does not fit all for authentication methods, and this is particularly true when your users are consumers rather than employees. Multiple elevated authentication methods are required to support these users.
Adaptive authentication adoption is accelerating – not only for background authentication but moving up the stack to replace primary authentication methods like passwords. When it happens, the use of adaptive authentication as a primary authentication mechanism is likely result in the broader deployment of elevated authentication methods.