WatchGuard Blog

Why Every Business Needs Risk-Based Authentication

User authentication is a static way to verify the identity of a user when trying to access a protected resource. You may authenticate using a single factor (weak), or multiple factors (strongly recommended).

In a dynamic world, where user mobility impacts security almost 100% of the time, multi-factor authentication has become imperative and key to deploying a zero-trust network. Why?

  • Users are connecting to company resources from different, unprotected networks
  • Working hours have become more flexible, so they could be working from early hours to late evenings
  • Devices could have been shared with other family members
  • And this all means attackers will try to exploit this new world of possibilities
     

Risk-based authentication takes risk factors into account when performing an authentication decision. It goes beyond a static authentication, allowing administrators to create rules that can modify the authentication behavior, sometimes making it easier if the risk is low; or asking for additional steps to ensure this is the right user, and blocking the access if the risk is too high, even if the user provided a correct one-time password (OTP).

Risk factors that could a threat in your organization:

  • Which network are you connected to?
  • Is your computer safe?
  • Are your mobile devices safe?
  • What is your current location?
  • Are your device and computer located in the same place?
     

Without risk policies in place, your company would need to enable the most secure authentication method at all times, for all users, potentially causing user friction for some segments. Risk authentication is a way to modernize your strategy by using the precise amount of security with customized risk protection that improves your ability to detect and respond to threats. 

Want to learn more about risk-based authentication? Read the Risk Authentication and Zero-Trust Security eBook >