With the demand to set up a remote workforce quickly and efficiently, organizations face new challenges around controlling exactly who has access to corporate data outside the safety of the office network.

Authentication plays a central role in cybersecurity and the evolution to MFA has helped to secure access. But cybercriminals are constantly evolving their tactics. As a result, identity and access management (IAM) systems are rapidly implementing very sophisticated AI to further strengthen their security offerings.

While traditional MFA is a great first step to securing your users, passwords still remain a weak point. That's because users are notorious for bad password practices. By adding additional factors beyond the password businesses can help thwart password spray and social engineering attacks and stop hackers using stolen credentials from ever entering the account.

However, hackers are clever and even with MFA, people's accounts can be compromised. This is especially true for those users who are working remotely. Devices can be stolen, SMS one-time passwords can be intercepted, VPN connections can be exploited, and biometrics can be hacked or faked.

The IAM industry has responded with risk-based authentication. Standard MFA captures information about what the user knows, like a password, what the user has, like his or her phone, and even who the user is via biometrics. Risk-based authentication allows for additional factors that help determine if the user really is who they say they are. This is done by comparing their past login behavior to the current authentication attempt, providing the context that is missing in standard MFA.

As we've seen with COVID-19, setting up a fully remote workforce can lead to a milieu of daunting security challenges. Without the safety of the office network, your users are now accessing sensitive corporate data from locations that you can't control and from WiFi connections that you didn't secure. You can learn more about setting up a remote workforce in the, 5 Steps to Set Up a Secure Remote Workforce During a Crisis with IAM whitepaper here.

Risk-Based Authentication using AI

To implement risk-based authentication, companies, like OneLogin, use AI-backed technologies. The AI assesses and weighs individual factors about the login attempt and creates a risk score for the scenario. And then based on the risk score, the technology determines what factors it will ask the user to provide in order to gain access, or, depending on the risk score, it might deny the user access altogether.

Risk engines, like OneLogin’s Vigilance AI™, monitor a number of factors in a user’s login attempts over time and build a profile for each user to understand patterns. When a user varies from that profile on a given authentication attempt, the AI system assesses the variable factors and determines a risk score for the current login attempt.

Some of the factors typically accounted for include:

• Network reputation
• User’s geographic location
• The device fingerprint
• Time of login

The final output of the analysis is a risk score that can dictate actions. For example, based on the risk score, OneLogin’s SmartFactor Authentication™ adjusts authentication requirements. If the risk score is high, the user might be asked for another authentication factor like a fingerprint scan, or the login might be denied entirely.

While the key benefit of AI-powered risk-based authentication is security, it can also streamline the authentication process, which is important when all of your employees are consistently accessing your networks from remote locations. With standard MFA, users are prompted for additional factors at every login attempt. Enter your username and password, then answer a security question. With AI-powered authentication, low risk users might not be asked for any additional factors, making login faster and less painful.

As the future of work continues to evolve and change the way people interact with technology, AI and machine learning will continue to bring new ways to accelerate efficiencies and offer rich insights that improve the speed and agility of how work gets done.

For an in-depth look at leveraging AI-powered MFA for remote work, download our e-Book.

About OneLogin

OneLogin is the identity platform for secure, scalable, and smart experiences that connect people to technology. With the OneLogin Trusted Experience Platform, customers can connect all of their applications, identify potential threats, and act quickly. Headquartered in San Francisco, CA, OneLogin secures over 2,500 customers worldwide, including Airbus, Stitch Fix, and AAA. To learn more visit www.onelogin.com.